My Feng Shui

Privacy Policy

Last updated: 2025-01-31. This privacy policy applies to the website My Feng Shui (https://myfengshui.app) and its subpages.

1. Controller

The controller responsible for data processing on this website within the meaning of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) is:

C. Camenzind GmbH
Furrenstrasse 5
6442 Gersau
Switzerland

For data protection enquiries, please use the contact details given in our Imprint.

2. Data we collect and legal basis

We process personal data only to the extent necessary to operate this website and to provide the services you use.

2.1 Access and usage data

When you visit this website, our hosting provider and we may automatically collect access data (server log data), including: IP address, date and time of the request, requested URL, referrer URL, browser type and version, operating system, and similar technical data. This data is processed to deliver the website, ensure security and stability, and defend against abuse. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR; Art. 6(1) FADP) in the secure and efficient operation of the website.

2.2 Data you provide

If you contact us (e.g. by e-mail or via a contact form, where offered), we process the data you provide (e.g. name, e-mail address, message content) solely to handle your request. The legal basis is performance of a contract or pre-contractual measures, or our legitimate interest in responding to enquiries (Art. 6(1)(b) or (f) GDPR; Art. 6(1) FADP). We do not use contact form data for marketing unless you have given separate consent.

2.3 Firebase

We use Google Firebase (including Firestore) to store and serve content (e.g. blog posts) and, where applicable, for other technical functions. When you view pages, blog content is loaded from Firebase; we do not store your personal data in Firebase for marketing or profiling. Technical access data as described in section 2.1 may be processed by Google in connection with providing the service. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR; Art. 6(1) FADP) in operating the website.

2.4 Google Analytics

We use Google Analytics to analyse how visitors use our website. Google Analytics may collect data such as your IP address (possibly anonymised), device and browser information, pages visited, time on site, and similar usage data, including via cookies and similar technologies. This helps us understand usage patterns and improve the site. Where required by law (e.g. in the EEA and Switzerland), we use Google Analytics only with your consent. The legal basis is your consent (Art. 6(1)(a) GDPR; Art. 6(1) FADP) or, where applicable, our legitimate interest in analysing site usage (Art. 6(1)(f) GDPR). You can withdraw consent or opt out at any time (see section 5). Google may process data in the USA; we rely on appropriate safeguards (e.g. standard contractual clauses). For more information, see Google Privacy Policy and How Google uses data when you use our partners’ sites or apps.

2.5 Loops

We use Loops (loops.so) for email communications, such as newsletters or product updates. If you sign up (e.g. via a form on our site), we process the data you provide (e.g. email address, name) in Loops to send you the requested communications and to manage our mailing list. We use Loops only with your consent. The legal basis is your consent (Art. 6(1)(a) GDPR; Art. 6(1) FADP). You can unsubscribe at any time via the link in each email or by contacting us. Loops may process data in the USA or elsewhere; we ensure appropriate safeguards for international transfers. For more information, see Loops Privacy Policy.

3. Storage period

Access and server log data are generally retained only for as long as necessary for security and operational purposes (typically between a few days and a few weeks, depending on the system). Where we are subject to legal retention obligations, we retain data for the period required by law. Contact and enquiry-related data are deleted after the matter is closed, unless retention is required for legal or contractual reasons.

Google Analytics data is retained according to our configuration (e.g. up to 14 months); you can withdraw consent at any time, after which we will not use GA for your future visits. Loops (newsletter) data is retained for as long as you are subscribed; after you unsubscribe, we delete or anonymise your data within a reasonable period unless we must retain it for legal reasons.

4. Recipients and international transfers

We use service providers who process data on our behalf (processors) to operate this website:

  • Hosting: The site may be hosted by providers (e.g. Vercel Inc.) whose infrastructure may be located in the USA or other countries outside the European Economic Area (EEA) and Switzerland. Where data is transferred to such countries, we ensure appropriate safeguards (e.g. standard contractual clauses approved by the European Commission or the Swiss Federal Data Protection and Information Commissioner (FDPIC), or other recognised mechanisms) so that your data remains protected.
  • Firebase (Google): We use Google Firebase (including Firestore) to store and serve content. Google may process data in the USA or elsewhere. Where Google acts as a processor, we rely on contractual obligations and, where applicable, standard contractual clauses or other approved transfer mechanisms. See Firebase Privacy.
  • Google Analytics: Google Analytics is provided by Google LLC (USA). Usage data may be transferred to and processed in the USA. We use Google Analytics only with your consent where required; we rely on appropriate safeguards (e.g. standard contractual clauses) for transfers.
  • Loops: We use Loops (loops.so) for email communications. Loops may process data in the USA or elsewhere. We ensure appropriate safeguards for international transfers (e.g. standard contractual clauses).

We do not sell your personal data. We disclose data to third parties only where required by law or with your consent.

5. Cookies and similar technologies

We use cookies and similar technologies for the following purposes:

  • Strictly necessary: Cookies that are essential for the operation and security of the website (e.g. session or security-related identifiers). These do not require your consent under applicable law.
  • Analytics (Google Analytics): We use Google Analytics, which sets cookies and similar technologies to collect usage data (e.g. pages visited, duration). Where required by law (e.g. in the EEA and Switzerland), we use Google Analytics only with your prior consent. You can withdraw consent at any time via our cookie/consent settings (if available) or by disabling or deleting cookies in your browser. You can also use the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics.

You can manage or disable cookies in your browser settings; restricting necessary cookies may affect the functionality of the site.

6. Your rights

Under the GDPR (if you are in the EEA) and under the FADP (Switzerland), you have the following rights in relation to your personal data:

  • Right of access (Art. 15 GDPR / Art. 25 FADP): You may obtain confirmation as to whether we process your data and, if so, a copy of that data and certain information about the processing.
  • Right to rectification (Art. 16 GDPR / Art. 32 FADP): You may request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR / Art. 32 FADP): You may request deletion of your data where the legal conditions are met (e.g. data no longer necessary, consent withdrawn).
  • Right to restriction of processing (Art. 18 GDPR): You may request that we restrict processing in certain situations (e.g. while accuracy is verified).
  • Right to data portability (Art. 20 GDPR): Where processing is based on contract or consent and carried out by automated means, you may receive your data in a structured, commonly used format or have it transmitted to another controller where technically feasible.
  • Right to object (Art. 21 GDPR): Where we process your data on the basis of legitimate interests, you may object to that processing on grounds relating to your situation; we will then cease processing unless we demonstrate compelling legitimate grounds that override your interests.
  • Withdrawal of consent: Where processing is based on your consent, you may withdraw it at any time; withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC). In the EEA, you may contact the data protection authority of your country of residence or place of work.

To exercise these rights, please use the contact details in the Imprint. We will respond to your request without undue delay and at latest within one month (or within the period set by applicable law).

7. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure, in line with the state of the art and the risks involved.

8. Minors

This website is not directed at minors. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us using the details in the Imprint so we can delete it.

9. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology or legal requirements. The current version is always available on this page; the “Last updated” date at the top indicates the latest revision. We encourage you to review this page periodically. Where required by law, we will seek your consent to material changes.