Privacy policy

Privacy Policy

Last updated: 24 February 2026 | Effective: 1 March 2026

Authoritative version: German


1. Introduction

IMMERSA (Myshelov Consulting, sole proprietorship, UID: CHE-481.483.118, Saentisstrasse 6, 8008 Zurich, Switzerland) operates the online shop and website immersa.ch, including all associated content, features, products, and services (hereinafter referred to as the Services).

The Services are technically hosted on the Shopify platform. This Privacy Policy describes how we collect, use, and share personal data when you visit our website, use the Services, or communicate with us.

This Privacy Policy applies to individuals residing in Switzerland, the European Economic Area (EEA), the United Kingdom (UK), and worldwide. In the event of a conflict, this Privacy Policy takes precedence over our General Terms and Conditions with regard to the collection, processing, and sharing of personal data.

 

2. Applicable Legal Frameworks

2.1 Switzerland - nFADP

For individuals residing in Switzerland, we process personal data in accordance with the revised Federal Act on Data Protection (nFADP, SR 235.1), which entered into force on 1 September 2023, and its accompanying Data Protection Ordinance (DPO).

 

2.2 European Economic Area (EEA) - GDPR

For individuals residing in the EEA, we process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR). The legal bases for processing include:

  • Art. 6(1)(b) GDPR - Performance of a contract
  • Art. 6(1)(c) GDPR - Compliance with a legal obligation
  • Art. 6(1)(f) GDPR - Legitimate interests
  • Art. 6(1)(a) GDPR - Consent (where required)

 

2.3 United Kingdom - UK GDPR

For individuals residing in the United Kingdom, we process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

 

3. Data Controller

The data controller within the meaning of applicable data protection law is:

 

Myshelov Consulting

Owner: Evgeny Myshelov

Trading name: IMMERSA

Saentisstrasse 6, 8008 Zurich, Switzerland

E-mail: info@immersa.ch

Website: www.immersa.ch

UID: CHE-481.483.118

 

For all data protection enquiries, please contact info@immersa.ch exclusively. Please do not use personal email addresses of individual staff members for data protection matters.

 

4. Personal Data We Collect

Depending on how you interact with us, the following categories of personal data may be collected or processed:

 

4.1 Data You Provide Directly

  • Contact details: name, postal address, billing and delivery address, telephone number, email address
  • Account information: username, password, security questions, settings and preferences
  • Payment data: payment method, transaction details, payment confirmation (card data is processed exclusively by payment service providers and is not stored by IMMERSA)
  • Communication data: content of enquiries, support tickets, emails, and other correspondence
  • Contract data: for B2B customers, company details, UID/tax number, contact persons, project details

 

4.2 Automatically Collected Data

  • Device information: device type, operating system, browser, IP address, unique device identifiers
  • Usage data: page views, time spent on site, click paths, search queries on the website
  • Cookie data and similar technologies (see Section 9)

 

4.3 Data Received from Third Parties

  • From Shopify as the technical platform operator
  • From payment service providers (TWINT, credit card companies, PayPal) in connection with payment processing
  • From shipping service providers (Swiss Post, international partners) for order fulfilment

 

5. Purposes and Legal Bases for Processing

5.1 Performance of a Contract

We process your data to carry out rental and service agreements, process payments, organise shipping, handle returns, and communicate with customers. Legal basis: Art. 6(1)(b) GDPR / nFADP Art. 31(2)(a).

 

5.2 Legal Obligations

We process data to fulfil statutory retention, reporting, and disclosure obligations. Legal basis: Art. 6(1)(c) GDPR / nFADP Art. 31(2)(b).

 

5.3 Legitimate Interests

We process data for fraud prevention, security of our Services, improvement of our offering, and the assertion or defence of legal claims. Legal basis: Art. 6(1)(f) GDPR / nFADP Art. 31(1).

 

5.4 Marketing and Communications (with Consent)

With your explicit consent, we use your data to send marketing communications by email or other channels. You may withdraw your consent at any time. Legal basis: Art. 6(1)(a) GDPR / nFADP Art. 31(2)(e).

 

6. Sharing of Personal Data

We share personal data only to the extent permitted or required by law:

 

6.1 Service Providers and Data Processors

  • Shopify Inc. (platform operator, servers in the EU and Canada) - data processing agreement concluded in accordance with GDPR/nFADP
  • Payment service providers: TWINT, credit card providers, PayPal - each subject to their own privacy policies
  • Shipping service providers: Swiss Post AG, international hardware partners (EU/UK)
  • IT service providers and cloud providers, where required for operations

 

6.2 Software Development and Implementation Partners (B2B)

For B2B implementation projects, Myshelov Consulting may engage qualified third-party companies for software development, XR development, and AMS. These partners receive only the personal data necessary for the performance of their services and are contractually obliged to comply with data protection requirements.

 

6.3 Authorities and Law Enforcement

We may disclose data to authorities where we are legally obliged to do so, or where this is necessary to protect our rights or the rights of third parties.

 

6.4 No Sharing for Advertising Purposes Without Consent

We do not sell your personal data to third parties. Data is shared with external third parties for marketing purposes only with your explicit consent.

 

7. Shopify as Platform Operator

The Services are hosted on the Shopify platform. Shopify processes personal data on our behalf as a data processor. Shopify may store and process your data on servers located in Canada, the United States, or the EU.

For certain advanced Shopify features, Shopify may also act as an independent data controller. For further information, please refer to Shopify's Privacy Policy at https://www.shopify.com/legal/privacy and the Shopify Privacy Portal at https://privacy.shopify.com.

 

8. International Data Transfers

In the course of our business activities, personal data may be transferred to countries outside Switzerland, the EEA, or the United Kingdom. We ensure that such transfers are based on appropriate safeguards:

  • Standard Contractual Clauses (SCCs) of the European Commission for transfers from the EEA
  • International Data Transfer Agreement (IDTA) for transfers from the UK
  • Adequacy decision: Switzerland is recognised by the EU as providing an adequate level of data protection
  • Additional technical and organisational measures (TOMs) where required

 

9. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device. We distinguish between the following categories:

 

9.1 Strictly Necessary Cookies

These cookies are technically required for the operation of the website and shop (e.g. shopping basket, session management, security). They cannot be disabled. Legal basis: legitimate interest.

 

9.2 Analytics Cookies

These cookies help us understand how visitors use our website (e.g. Google Analytics, Shopify Analytics). Legal basis: consent.

 

9.3 Marketing Cookies

These cookies enable personalised advertising on external platforms. Legal basis: consent.

 

You may adjust your cookie preferences at any time via the cookie banner on our website or through your browser settings.

 

10. Retention Periods

We store personal data only for as long as necessary for the relevant purposes or as required by statutory retention obligations:

  • Contract data and booking records: 10 years (Swiss Code of Obligations, Art. 958f)
  • Customer account data: until account deletion plus 2 years
  • Communication data (support, email): 3 years
  • Payment data: in accordance with the requirements of the relevant payment service provider, max. 10 years
  • Analytics data (anonymised): indefinitely

 

11. Your Rights

11.1 Rights for All Users (Switzerland, EU, UK, Worldwide)

  • Right of access: you have the right to know what data we hold about you
  • Right to rectification: you may request the correction of inaccurate data
  • Right to erasure: you may request deletion of your data, subject to applicable retention obligations
  • Right to data portability: you may receive your data in a machine-readable format

 

11.2 Additional Rights for EEA and UK Users (GDPR / UK GDPR)

  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to withdraw consent at any time without giving reasons
  • Right to lodge a complaint with the competent supervisory authority

 

11.3 Competent Supervisory Authorities

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch
  • EU: The competent national data protection authority in the relevant member state
  • UK: Information Commissioner's Office (ICO), www.ico.org.uk

 

To exercise your rights, please contact info@immersa.ch. We will respond to your request within 30 days. We reserve the right to verify your identity before processing your request.

 

12. Minors

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from minors. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact info@immersa.ch. We will delete such data without delay.

 

13. Data Security

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include encrypted data transmission (TLS/SSL), access controls, and regular security reviews.

Please note that no transmission over the internet is completely secure. We cannot guarantee absolute security, but we take all reasonable measures to protect your data.

 

14. Links to Third-Party Websites

Our website may contain links to external websites. This Privacy Policy applies exclusively to immersa.ch. We accept no responsibility for linked external websites. We recommend that you read the privacy policies of the respective third-party providers.

 

15. Changes to This Privacy Policy

We may update this Privacy Policy at any time to reflect changes to our practices, legal requirements, or operational needs. The current version is available at www.immersa.ch. The date of the most recent revision will always be indicated. In the event of material changes, we will notify you by email or by a prominent notice on our website.

 

16. Contact - Data Protection

For all questions, concerns, or requests to exercise your data protection rights, please contact:

 

Myshelov Consulting - IMMERSA

Data Protection Officer: Evgeny Myshelov

Saentisstrasse 6, 8008 Zurich, Switzerland

E-mail: info@immersa.ch

Website: www.immersa.ch

 

For all data protection enquiries, please use the official email address info@immersa.ch exclusively.

 

This Privacy Policy forms part of the legal documentation of IMMERSA (Myshelov Consulting). The German version is authoritative.