Privacy Policy

iReparatur.ch / remarket.ch GmbH
Viaduktstrasse 42
4051 Basel
Switzerland
E-Mail: info@rpd.ch

We collect and process personal data only insofar as this is necessary for the establishment, content arrangement or amendment of the contractual relationship (inventory data). This includes name, address, email, telephone number and payment information.

Our website uses cookies to improve the user experience. You can adjust the cookie settings in your browser at any time. Technically necessary cookies cannot be deactivated.

Each time our website is accessed, usage data is automatically collected (e.g. IP address, browser type, access time). This data is used exclusively for statistical evaluations and to improve our services.

In order to show you suitable products and accessories for your device, we store your device preferences (e.g. which smartphone model you use) locally in your browser (localStorage). This data is not shared with third parties and remains exclusively on your device.

If you have a customer account, these preferences can also be stored in your account so that you receive personalised product recommendations across devices. You can view and delete your saved device preferences at any time in your account or remove the data from your browser via the browser settings.

Personal data is only shared with third parties insofar as this is necessary for the fulfilment of the contract (e.g. to shipping service providers or payment providers). No further sharing takes place.

We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

You have the right to information, rectification, deletion and restriction of the processing of your personal data. Please contact us at info@rpd.ch.

By subscribing to the newsletter, you agree to receive regular information about offers and news. You can unsubscribe from the newsletter at any time via the unsubscribe link in the email or by emailing us.

We use Google Analytics to analyse website usage. The information generated is stored on Google servers. You can prevent data collection by Google Analytics by installing a browser add-on.

We collect anonymized page views, search queries and cart actions for internal statistics. Your IP address is hashed before storage (SHA-256 with a daily salt). No tracking cookies are set, no cross-site profiling is performed, and no data is shared with third parties. Retention: 30 days rolling. On sensitive pages (account, checkout, login, password reset) no data is collected at all.

This website uses the content delivery network and security services of Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA) with European data-centre network. Cloudflare processes your IP address, user-agent and request metadata as a processor to defend against attacks (DDoS, bots), accelerate delivery and terminate TLS. In addition we use Cloudflare Zaraz, a server-side tag-management system, which runs third-party tags (GA4, Meta Pixel, Google Ads) on the Cloudflare edge instead of in your browser. Fewer data thus leave your browser, load times decrease, and sensitive fields are hashed before forwarding. Legal basis: legitimate interest in a secure and performant website (Art. 31(2)(d) DSG). A DPA based on the EU Standard Contractual Clauses is in place with Cloudflare. Details: cloudflare.com/privacypolicy.

In addition to the browser-based Meta Pixel, our server transmits conversion events (Purchase, AddToCart, InitiateCheckout, Lead forms such as the B2B registration) directly to the Meta Conversions API of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The following data are transmitted: event name (e.g. "Purchase", "Lead", "AddToCart"), event ID for deduplication with the browser pixel, timestamp, order value, currency; contact data exclusively in hashed form (SHA-256): e-mail, phone, first/last name, city, ZIP, country code; technical identifiers: hashed internal customer ID, IP address, user-agent, Meta cookies (_fbc, _fbp), click ID (fbclid). The Conversions API improves measurement accuracy especially with ad blockers and iOS ITP. Transmission occurs only on conversion events, never on a plain page view. Legal basis: legitimate interest in effective advertising (Art. 31(2)(d) DSG). Object via browser settings, ad blockers or facebook.com/settings/?tab=ads.

In addition to browser-based Google Analytics (see section 10), our server transmits conversion events directly to the Measurement Protocol of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (and Google LLC, Mountain View, USA). Transmitted: event name (e.g. "purchase", "generate_lead", "add_to_cart"), event ID, GA4 client ID, session ID, timestamp; hashed e-mail and phone (for Enhanced Conversions / user-ID matching); order value, currency, product IDs and quantities; technical metadata: user-agent, truncated IP address, geo region. The non_personalized_ads parameter is set so that data is used only for reporting and campaign optimisation within the meaning of Art. 31(2)(d) DSG. Legal basis: legitimate interest in effective advertising and correct reach measurement. Details: policies.google.com/privacy.

Some of our service providers (in particular Meta Platforms Inc., Google LLC, Cloudflare Inc.) process data — at least in part — in the USA. Pursuant to Art. 16(2)(a) FADP and Art. 45 GDPR, the USA is not generally considered a safe third country, in particular because of access by US authorities under US law (FISA Section 702, Cloud Act). The transfer is therefore based on: (a) the European Commission's adequacy decision of 10 July 2023 for the EU-U.S. Data Privacy Framework, provided the recipient is certified (verifiable at dataprivacyframework.gov/list); (b) the Swiss Federal Council's recognition ordinance of 14 August 2024 for the Swiss-U.S. Data Privacy Framework, in force since 15 September 2024; (c) additionally the EU Standard Contractual Clauses (Decision 2021/914) including supplementary technical measures (hashing of personal fields prior to transfer, transport encryption). Despite these mechanisms a residual risk may remain that US authorities access your data. You have the right to object to such transfer — if you object, certain services (advertising conversion measurement, personalised content) will be available only in restricted form. Object informally at info@rpd.ch.

We reserve the right to amend this Privacy Policy at any time. The current version is available on our website. As of: May 2026.