Privacy Policy

Last updated: 23 June 2026

This Privacy Policy explains how RicardoPlus ("we", "us") collects, uses and protects the personal data of people who subscribe to our transactional notification service.

1. Data we collect

• Email address — the address you submit through the subscription form.
• Activity metadata — order reference, item title and amount, used only to compose the notification you asked for.
• Delivery events — bounce, delivery and unsubscribe signals, used to keep our list clean and honour opt-outs.
• Sign-up IP and browser string — recorded once, at the moment you submit the form, for fraud prevention. Deleted after 30 days.

2. Why we process it

• To send you the transactional notifications you opted in to.
• To honour unsubscribe and deletion requests promptly.
• To protect the service from abuse and keep deliverability healthy.

3. Legal basis (GDPR / Swiss FADP)

Processing rests on your explicit consent (Art. 6(1)(a) GDPR). For the limited security telemetry above, we rely on our legitimate interest in operating the service safely (Art. 6(1)(f) GDPR).

4. What we never do

• No payment, card or banking data is collected.
• No tracking cookies — this site sets none.
• No third-party analytics, advertising pixels or profiling.
• We never sell, rent or sublicense your address.

5. Service providers

To deliver the service we rely on a small number of standard infrastructure providers — for sending and receiving email and for hosting this website. Each is engaged strictly as a processor under a data-processing agreement (DPA), processes data only on our instructions, and provides Standard Contractual Clauses for any transfer outside the EU/EEA. We share the minimum data required to deliver your notifications and nothing more.

6. Retention

• While subscribed: for as long as your subscription is active.
• After unsubscribe: a suppression entry only, so we never re-add you by accident. No other data is kept.
• Sign-up IP / browser string: 30 days maximum, then deleted.

7. Your rights

Under GDPR and the Swiss FADP you may:

• Access the data we hold about you.
• Correct inaccurate data.
• Request erasure ("right to be forgotten").
• Withdraw consent at any time.
• Lodge a complaint with your supervisory authority (in Switzerland: the FDPIC).

Send any request to kundendienst@ricardoplus.ch. We respond within 30 days.

8. Security

Data is transmitted over TLS. Access to the operator interface requires multi-factor authentication, and credentials are stored encrypted.

9. Changes

Material changes to this policy are announced by email at least 14 days in advance.

10. Contact

Privacy questions: kundendienst@ricardoplus.ch
Postal contact: see the Imprint.