Effective Date: June 24, 2025
Last Updated: June 24, 2025
Fazup Sàrl (operating the Yisu brand)
Represented by: Antoine Samakh, CEO
Registered Office: Rue des Moulins 13, 2800 Delémont, Switzerland
Email: support @ yisu.io
Company Registration: CHE-244.167.758 (RCS Delémont)
Website: yisu.io
Fazup Sàrl respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit yisu.io and purchase our Yisu brand products.
This policy complies with:
Swiss Federal Act on Data Protection (FADP)
EU General Data Protection Regulation (GDPR)
EU ePrivacy Directive
Account Creation & Orders:
Name and surname
Email address
Password (encrypted)
Phone number
Billing and shipping addresses
Payment information (processed by secure payment providers)
Communications:
Messages sent through contact forms
Customer service correspondence
Newsletter subscription preferences
Product reviews and feedback
Website Usage Data:
IP address and device identifiers
Browser type and version
Operating system
Pages visited and time spent
Referral sources
Shopping cart contents
Cookies and Tracking Technologies:
Session cookies (essential for website functionality)
Analytics cookies (Google Analytics)
Marketing cookies (with your consent)
Social media pixels (Facebook, Instagram)
Fulfillment Partner:
Order production status
Shipping and tracking information
Quality control data
Payment Processors:
Transaction confirmations
Payment status updates
Fraud prevention data
Shopify Platform:
E-commerce analytics
Platform performance data
Security monitoring
We process your personal data based on:
Processing and fulfilling your orders
Providing customer service
Managing your account
Website analytics and improvement
Fraud prevention and security
Business operations and administration
Internal record keeping
Marketing communications
Non-essential cookies
Social media integration
Personalized advertising
Tax and accounting records
Consumer protection compliance
Anti-money laundering requirements
Creating and managing your orders
Payment processing and verification
Coordinating with partner for production
Arranging shipping and delivery
Handling returns and customer service
Order confirmations and updates
Shipping notifications and tracking
Responding to inquiries and support requests
Account security notifications
Newsletter subscriptions
Promotional emails about new products
Personalized product recommendations
Social media advertising
Website analytics and optimization
Fraud prevention and security
Legal compliance and record keeping
Business planning and development
(Fulfillment Partner:
Order details for product manufacturing
Customer shipping information
Quality control and customer service data
Location: EU, US, UK, Mexico (with adequate safeguards)
Shopify (E-commerce Platform):
Website hosting and functionality
Order management system
Analytics and performance data
Location: Canada (adequacy decision)
Payment Processors:
Stripe, PayPal, Shopify and other secure payment services
Transaction processing and fraud prevention
PCI DSS compliant data handling
Google Analytics:
Website usage statistics
Performance optimization
Privacy-enhanced configuration
Social Media Platforms:
Facebook/Instagram pixels
Custom audience creation
Advertising performance tracking
We may disclose personal data when required to:
Comply with legal obligations
Protect our rights and property
Prevent fraud or illegal activities
Ensure user and public safety
When transferring data outside Switzerland/EU, we ensure protection through:
Adequacy Decisions: For transfers to countries with adequate protection
Standard Contractual Clauses (SCCs): For transfers to other countries
Binding Corporate Rules: Where applicable
Certification Schemes: Such as Privacy Shield successors
Partner Operations:
EU facilities: Direct processing within EU
US facilities: Protected by SCCs and additional safeguards
UK facilities: Adequacy decision
Other locations: SCCs and contractual protections
Active accounts: Until account deletion requested
Order history: 10 years (Swiss commercial law requirement)
Payment records: 10 years (tax and audit requirements)
Customer service records: 3 years after last contact
Newsletter subscriptions: Until unsubscribe + 3 years
Consent records: 3 years after withdrawal
Marketing analytics: 26 months (Google Analytics retention)
Server logs: 12 months
Security logs: 2 years
Analytics data: 26 months
You have the right to:
Obtain confirmation of data processing
Access your personal data
Receive information about processing purposes
Request data in a structured format
Correct inaccurate or incomplete data
Request deletion of personal data
"Right to be forgotten" under certain conditions
Restrict processing under specific circumstances
Object to processing based on legitimate interest
Object to direct marketing at any time
Receive your data in machine-readable format
Transfer data to another service provider
Withdraw consent for marketing communications
Opt out of non-essential cookies
Manage consent through your account settings
Email: support @ yisu.io
Subject: "Data Protection Request - [Your Request Type]"
Include: Full name, email address, and specific request details
Standard requests: 30 days (may be extended to 60 days for complex requests)
Urgent requests: We prioritize security-related requests
Identity verification: May be required for certain requests
We do not charge fees for legitimate data protection requests unless they are excessive or repetitive.
Always Active - No Consent Required:
Session management
Shopping cart functionality
Security features
Authentication tokens
Google Analytics (with consent):
Website performance monitoring
User behavior analysis
Privacy-enhanced implementation
IP anonymization enabled
Social Media and Advertising (with consent):
Facebook/Instagram pixels
Google Ads conversion tracking
Custom audience creation
Retargeting campaigns
You can control cookies through:
Browser settings
Our cookie consent banner
Account preferences
Third-party opt-out tools
Encryption: SSL/TLS for all data transmission
Access Controls: Role-based access to personal data
Secure Storage: Encrypted databases and secure servers
Regular Updates: Security patches and system updates
Staff Training: Regular data protection training
Access Limitation: Need-to-know basis for data access
Incident Response: Procedures for data breach handling
Regular Audits: Security assessments and reviews
All service providers must:
Implement appropriate security measures
Sign data processing agreements
Undergo security assessments
Report security incidents promptly
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16.
If we discover we have collected data from a child under 16:
We will delete the information promptly
We will notify parents/guardians if possible
We will implement additional age verification measures
In case of a data breach, we will:
Assess the breach within 24 hours
Contain and investigate the incident
Document all breach details
Implement corrective measures
Supervisory Authority: Notification within 72 hours if high risk
Affected Individuals: Direct notification if high risk to rights and freedoms
Breach Register: Maintain internal records of all breaches
We will notify you of significant changes through:
Email notification to registered users
Prominent notice on our website
Updated effective date
Continued use of our services after changes constitutes acceptance of the updated policy.
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Website: www.edoeb.admin.ch
Contact your local data protection authority or: European Data Protection Board
Website: edpb.europa.eu
Data Protection Officer: Antoine Samakh
Email: support @ yisu.io
Address: Rue des Moulins 13, 2800 Delémont, Switzerland
For data protection inquiries, please use the subject line: "Privacy Policy - [Your Inquiry]"
