When browsing our website, you may transmit personal data to us, directly or indirectly. Your personal data is precious, it is part of your private life. Therefore, we are committed to collecting, using, and retaining your data under conditions that ensure its protection and confidentiality, in accordance with applicable laws.

We invite you to carefully read this Private Data Protection Charter (hereinafter “the Charter”). Here you will find all the information about the data we collect, how we use it, its retention period, the means we use to protect it, the rights you enjoy, etc.

Our Private Data Protection Charter may be updated or modified, depending on the evolution of our tools and of the regulations. We therefore invite you to consult it regularly.

I. What Data is Covered by the Charter?

This Private Data Protection Charter applies to all personal data that you provide to us, directly or indirectly, when you browse our website.

A piece of “Personal data” is a piece of information that directly or indirectly identifies a natural person. This includes, for example, your name, email address, phone number, but also data about your consumption habits, skin type, etc.

II. Who is Responsible for Processing the Data?

The law defines the entity responsible for processing the data as the company that determines the purposes and conditions for the collection and use of your data.

It is the company PHYT’S SÀRL with a capital of 172 000 CHF, registered with the Trade and Companies Register under number CHE-113.015.796, whose registered office is located at Chemin de la Butte 22D, 1228 Plan-Les-Ouates (GE), Switzerland.

III. On What Legal Basis is your Personal Data Processed?

The processing of personal data that we carry out during our activity may have several legal bases:

Your consent: the law requires us to obtain your consent to collect or use your data. This is the case, for example, when we collect data about your health or ethnicity to advise you on appropriate products (ex: skin problems revealing a pathology, skin colour, etc.), or when we wish to send you commercial solicitations (ex: information about our products, etc.) by e-mail or by text message (Art. 6 Abs. 1 lit. a, Art. 7 GDPR)

Execution of a contract: the collection of your data is necessary when you subscribe to one of our online services. (Art. 6 Abs. 1 lit. b GDPR)

Fulfilment of legal obligations: the collection of your data is indispensable if it serves the fulfilment of our legal obligations (Art. 6 Abs. 1 lit. c GDPR)

Legitimate interest: we need to collect your personal data to get to know you better to offer you personalised offers and services, ensure the security of our website, improve our content, etc. (Art. 6 Abs. 1 lit. f GDPR)

IV. Why do we Collect Your Personal Data?

  • We only collect your personal data when necessary, for explicit, legitimate, and specific purposes.

    Thus, we collect and process your personal data to:

    • provide you with information about your order (tracking, delivery.)
    • improve the operation and content of our website and our services to better meet your needs and requests.
    • collect your feedback on our products and services.
    • carry out audience analysis and statistical studies, for example to know and measure the number of visits to our website, the activity and path of users on our website, the subscription rate for our services, etc.
    • conduct satisfaction surveys on our products and services.
    • detect fraudulent behaviour and manage litigation.
    • ensure the security of our website and our services.

V. What Data is Collected, When and for how Long is it Stored?

We respect the principle of data minimisation. That is to say that we only collect data that is strictly necessary for the fulfilment of our purposes.

Data can be collected:

  • either directly from you, for example when you fill in our collection forms on our website (ex: when placing your order).
  • or indirectly or automatically, for example when you browse our website.
  • In our data collection forms, fields with an asterisk are mandatory. Failing to respond will prevent or compromise the provision of the services concerned.

We define the retention period of your data according to the length of time required to achieve the objectives of the collection. When our objectives are met, we delete your data, except in certain cases where we are required by law to retain it. In these cases, your data is archived under the conditions provided by law.

The table hereafter shows you when your data is collected, what data is collected and how long it will be stored for:

Time of collection Category of data collected Retention period
You browse our website We collect:
your login and browsing technical data (ex: your IP address, information about your browser, etc.)
26 months from the date of collection
You create an account on our website, you log in to your account, you complete your profile We collect:
your identification data (ex: surname, first name, mailing address, e-mail address, etc.)
3 years from the date of creation of your account or from the last login to your account
You give us your opinion on a product and/or service offered on our website or on Phyt’s SÀRL pages and accounts on social networks (Facebook, Instagram, etc.) We collect:
the content of your review
We collect: the content of your review
You contact our Consumer Service or our advisors by email, phone, chat, mail We collect:
your identification data (ex: surname, first name, mailing address, e-mail address, etc.), the reason and content of the exchange, as well as responses to your requests, data relating to your health, if you decide or agree to communicate it to us, your real-time browsing data on our website and the content of your messages in pre- visualisation (not saved).
3 years from each contact
You enter a game/contest, a product test, a satisfaction survey We collect:
your identification data (ex: surname, first name, mailing address, e-mail address, etc.), the content of your answers.
3 years from the date of entering
You write on our social media pages or in private messages We collect:
the content of your messages (which may include data relating to your health or skin colour)
3 years from the date of your message
You declare a case of CosmetoVigilance We collect:
your identification data (ex: surname, first name, mailing address, e-mail address, etc.), the reason and content of our exchange, data relating to your health or skin colour, if you decide or agree to provide it to us, banking or financial data (ex: IBAN for a refund, etc.)
Statutory period


VI. Cookies1

Cookies may be stored on your device when you visit the website. Cookies are small text files that are stored by the browser you are using. Cookies cannot execute programs or transmit viruses to your device. However, the body that sets the cookie can obtain certain information from it. Cookies are used to make the website more user-friendly. Cookies can be used, for example, to recognise the device that was used to access this website when it is accessed again.

The browser settings can be used to restrict or prevent the setting of cookies. For example, only the acceptance of cookies from third-party providers can be blocked, or the acceptance of all cookies can be blocked. However, by blocking cookies, you may no longer be able to use all the functions of this website.

VII. How do we Collect Data from Minors?

Our website is accessible to anyone, adult or minor.

Persons who are under the age of 18 may provide us with their personal data only if they have the express consent of a legal guardian. Such data shall be processed in accordance with this privacy policy.

VIII. Who are the Recipients of Your Data?

We may transmit your data to the following companies or individuals, who are involved in the fulfilment of the purposes described in IV above:

  • Google, to measure the audience on our website,
  • administrative or judicial authorities at their request.

We select subcontractors, service providers and suppliers who have sufficient guarantees to ensure the protection, security, and confidentiality of your personal data, by implementing appropriate technical and organisational measures that meet legal requirements. They are only allowed to process your data according to our instructions.

We do not transfer your data to companies other than those mentioned above.

IX. How do we Ensure Your Data is Secure?

Phyt’s SÀRL undertakes to use reasonable means to ensure that your personal data is sufficiently protected, considering the sensitivity of some collected information. We use several technologies and procedures to protect your data from unauthorised access, use or disclosure. We demand an equivalent level of safety to our subcontractors.

For example, we or our subcontractors store your data on computer servers located in controlled locations with limited access. Unfortunately, the complete security of data transmission over the internet cannot be guaranteed. Thus, we cannot fully guarantee the security of the data that you transmit to us by electronic means.

X. Where do we Store Your Data?

Our company and our subcontractors process and store your data only in member countries of the European Union as well as in Switzerland.

XI. How can you Exercise Your Rights?

Pursuant to applicable laws, you benefit from:

  • the right to access data about you (Art. 15 GDPR)
  • the right to rectify your data (Art. 16 GDPR)
  • the right to erase your data, for legitimate reasons (Art. 17 GDPR)
  • the right to restrict the processing of your data (Art. 18 GDRPR)
  • the right to be notified regarding the rectification or erasure of personal data or restriction of processing (Art. 19 GDPR)
  • the right to data portability (Art. 20 GDPR)
  • the right to withdraw your consent to the processing of your data (Art. 21 GDPR)
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR)
  • the right to lodge a complaint with the competent supervisory authority in the event of a suspected breach of data protection law (Art. 77 GDPR). The competent supervisory authority is the one at your usual place of residence, place of work or the place of the suspected infringement.

You can exercise these rights at any time by contacting us at the following address: Phyt’s SÀRL — Chemin de la Butte 22D, 1228 Plan-les-Ouates, Switzerland; or by sending us a message via our contact form.

XII. How do I Contact the Data Protection Officer (DPO)?

Phyt’s SÀRL has appointed a Data Protection Officer (DPO) who can be reached at the following address:


1 Source: Muster-Datenschutzerklärung von