PRIVACY

Privacy Policy

Short version: I collect your email when you subscribe. I don't track you, sell your data, or use cookies. Here are the details.

Who operates this site

This site is operated by Cultur3 Numomo AG (CHE-400.275.415), Talbachstrasse 2, 8418 Schlatt ZH, Switzerland. Rolf is the person behind the content, recommendations, and emails. For legal purposes, Cultur3 Numomo AG is the data controller.

Lawful basis for processing

I process your data based on specific legal grounds under the GDPR and the Swiss Federal Act on Data Protection (FADP):

  • Consent: Newsletter subscriptions use double opt-in. You actively confirm before any emails are sent. You can withdraw consent at any time by unsubscribing.
  • Legitimate interest: Rate limiting and abuse prevention protect the service for everyone. I keep this processing minimal and time-limited.
  • Contract performance: If you participate in a concept test or survey, processing your responses is necessary to deliver the results you signed up for.

What I collect

When you subscribe to the newsletter, I collect your email address and which page you signed up from. That's it. No cookies, no tracking pixels, no browsing history.

If you participate in a concept test (like a book title survey), I also store your responses. These are linked to your email so I can follow up, but they're anonymized if you unsubscribe.

How email works

I use double opt-in for all newsletter signups. When you enter your email, you'll receive a confirmation email. You're only subscribed after you click confirm. This protects you from being signed up by someone else.

Emails are sent through Brevo (formerly Sendinblue), which acts as a data processor. Brevo stores your email address, subscription status, and signup metadata (source and tags).

Every email includes an unsubscribe link. Unsubscribing from one list (e.g., the book list) does not unsubscribe you from others (e.g., the weekly newsletter). Each list is independent.

Data processors

I use a small number of third-party services to run this site. Each acts as a data processor under contract:

  • Brevo (Sendinblue): Email delivery and subscriber management. Stores your email address, subscription status, and signup metadata. Servers in the EU. Privacy policy
  • Upstash: Redis-based rate limiting for the signup form. Stores your IP address temporarily (auto-expires). Privacy policy
  • Vercel: Site hosting and serverless functions. Processes server logs that may include IP addresses. Servers in the US and EU. Privacy policy

What I don't collect

No third-party analytics (no Google Analytics, no Meta Pixel). No advertising cookies. No behavioral profiling. No payment data — if you buy something through an affiliate link, the retailer handles that independently.

Where your data is stored

Your email and subscriber data is stored by Brevo on servers in the European Union. Rate-limiting data is processed by Upstash (EU region). The site itself is hosted on Vercel, which uses servers in the US and EU.

For transfers outside the EU/EEA (e.g., Vercel's US infrastructure), the providers rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.

Rate limiting

The signup form uses temporary IP-based rate limiting to prevent abuse. Your IP address is stored briefly, then automatically deleted. It's never logged permanently or shared.

Your rights

Under the GDPR and Swiss data protection law, you have the right to access, correct, delete, or export your data at any time. You can also restrict processing or object to it. Email legal@rolfskincare.com and I'll handle it within 30 days.

  • Access: I'll send you everything I have on file.
  • Correction: I'll update any incorrect data.
  • Deletion: I'll delete your contact from Brevo and anonymize any experiment data.
  • Export (portability): I'll send your data in a machine-readable format (CSV or JSON).
  • Restriction: I'll suppress processing while keeping your record.
  • Objection: You can object to processing based on legitimate interest at any time.
  • Withdraw consent: You can unsubscribe from any email list at any time. This doesn't affect the lawfulness of processing before withdrawal.

Right to lodge a complaint

If you believe your data has been handled incorrectly, you can lodge a complaint with a supervisory authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). For EU residents, you can contact your local data protection authority.

Data retention

If you unsubscribe, your contact record is deleted from Brevo after 90 days. Experiment data (survey responses) is anonymized by replacing your email with a hash — the responses are kept for aggregate analysis but can no longer be linked to you.

Questions

If you have questions about how your data is handled, email legal@rolfskincare.com.

Last updated: March 2026. This policy applies to rolfskincare.com.