Datenschutz

Last updated: 23.01.2026

1. Introduction

CardBase ("we", "us", "our") takes the protection of your personal data seriously. This Privacy Policy explains how we collect, use, store, and protect your data when you use our platform.

We comply with the Swiss Federal Act on Data Protection (FADP/DSG), the European General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

CardBase
Musterstrasse 123
8000 Zürich
Schweiz

E-Mail: privacy@cardbase.ch

3. Data We Collect

3.1 Account Data

When you register, we collect:

  • E-Mail-Adresse
  • Benutzername
  • Password (encrypted)
  • Profile information (optional): name, bio, location, avatar
  • Account type and preferences

3.2 Transaction Data

When you buy or sell, we collect:

  • Order history and details
  • Shipping addresses
  • Payment information (processed by third-party providers)
  • Communication between buyers and sellers

3.3 Usage Data

We automatically collect:

  • IP-Adresse
  • Browser type and version
  • Device information
  • Pages visited and actions taken
  • Search queries
  • Date and time of access

3.4 Cookies

We use cookies and similar technologies. For details, see our Cookie Policy section below.

4. How We Use Your Data

We use your data for the following purposes:

4.1 Contract Performance

  • Providing and maintaining the Platform
  • Processing transactions
  • Customer support
  • Account management

4.2 Legitimate Interests

  • Improving and personalizing the Platform
  • Fraud prevention and security
  • Analytics and statistics
  • Marketing communications (with opt-out)

4.3 Legal Obligations

  • Tax documentation
  • Responding to legal requests
  • Compliance with regulations

5. Data Sharing

We share your data only in the following cases:

5.1 With Other Users

Your username, profile picture, and public profile information are visible to other users. When you complete a transaction, your shipping address is shared with the seller.

5.2 With Service Providers

We work with trusted service providers for:

  • Payment processing (Stripe)
  • Email delivery
  • Cloud hosting (servers in Switzerland/EU)
  • Analytics

5.3 Legal Requirements

We may disclose data when required by law or to protect our rights and the safety of users.

6. Data Retention

We retain your data as follows:

  • Account data: Until account deletion, plus 30 days
  • Transaction data: 10 years (legal requirement)
  • Usage data: 12 months
  • Backups: 90 days

7. Your Rights

Under GDPR and Swiss law, you have the following rights:

7.1 Right of Access

You can request a copy of your personal data.

7.2 Right to Rectification

You can correct inaccurate data in your account settings or by contacting us.

7.3 Right to Erasure

You can request deletion of your data, subject to legal retention requirements.

7.4 Right to Data Portability

You can request your data in a machine-readable format.

7.5 Right to Object

You can object to processing for marketing purposes at any time.

7.6 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, contact us at privacy@cardbase.ch. We will respond within 30 days.

8. Cookies and Tracking

8.1 Essential Cookies

Required for the Platform to function:

  • Session cookies (login state)
  • CSRF protection
  • Language preference
  • Cookie consent

8.2 Analytics Cookies

With your consent, we use:

  • Usage analytics to improve the Platform
  • Error tracking

8.3 Marketing Cookies

With your consent:

  • Personalized recommendations
  • Social media integration

You can manage your cookie preferences at any time using the cookie settings in the footer.

9. Data Security

We protect your data through:

  • SSL/TLS encryption for all connections
  • Encrypted password storage (bcrypt)
  • Regular security audits
  • Access controls and logging
  • Servers located in Switzerland

10. International Transfers

Your data is primarily stored in Switzerland. If we transfer data outside Switzerland/EEA, we ensure adequate protection through Standard Contractual Clauses or adequacy decisions.

11. Children's Privacy

The Platform is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us.

12. Changes to This Policy

We may update this Privacy Policy. Significant changes will be communicated via email or a notice on the Platform. Continued use after changes constitutes acceptance.

13. Complaints

If you believe your data protection rights have been violated, you can file a complaint with:

Swiss Data Protection Authority
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1
3003 Bern
Schweiz
www.edoeb.admin.ch

14. Contact

For privacy-related questions:

CardBase
Data Protection Officer
E-Mail: privacy@cardbase.ch

Back to Home