plush74 logo
plush74 logo

Privacy Policy

privacy policy

Privacy Policy of PLUSH74 Switzerland AG

Effective Date: 24.11.2025

1. Introduction


This Privacy Policy explains how PLUSH74 Switzerland AG (“PLUSH74”, “we”, “us”, “our”) collects, uses, stores, transfers, and protects personal data when you visit our website, interact with our services, or contact us.

We are committed to protecting your personal data and adhering to:

  • The Swiss Federal Act on Data Protection (FADP)

  • The EU General Data Protection Regulation (GDPR)

  • And other relevant global privacy regulations where applicable

By using our website, you agree to this Privacy Policy. You may withdraw your consent at any time.

2. Controller Information


PLUSH74 Switzerland AG

Zähringerplatz 11
CH-8001 Zurich
Switzerland

Represented by: Robin Sebastian Hoefler
Email: yeah@plush74.com
Phone: 030 70016966

3. Definitions


  • Personal Data: Any information relating to an identifiable individual

  • Processing: Any operation performed on personal data

  • Controller: Entity determining how and why data is processed

  • Processor: Entity processing data on behalf of the controller

  • Third Country: Outside Switzerland/EU

  • Consent: Freely given, informed, unambiguous indication of agreement

  • Profiling: Automated processing of personal data to evaluate personal aspects

4. Data We Collect


4.1 Data Provided Directly


  • Name, email, phone

  • Company information

  • Production/project inquiries

  • Newsletter signup data

  • Account data (if applicable)

  • Uploaded files, references, or project briefs

4.2 Automatically Collected Data


  • IP address (anonymized when required)

  • Browser type and version

  • Operating system

  • Device identifiers

  • Pages visited

  • Time and duration of visits

  • Referrer URLs

  • Cookie identifiers

  • Interaction behavior (clicks, scrolls)

4.3 Third Party Data Sources


  • Google Analytics (traffic & behavior insights)

  • Google Search Console (search performance)

  • Google Ads (advertising & conversions)

  • Brevo (newsletter interactions)

  • Zapier automation triggers

  • WordPress plugins generating technical or form data

5. Legal Basis for Processing


We process data under:

  • Art. 6(1)(a) GDPR — Consent

  • Art. 6(1)(b) GDPR — Contract / pre-contractual measures

  • Art. 6(1)(c) GDPR — Legal obligations

  • Art. 6(1)(f) GDPR — Legitimate interests

Legitimate interests include:

  • Operating an efficient website

  • Improving services

  • Marketing to professional clients

  • Preventing abuse

  • Ensuring IT security

Swiss FADP principles apply equivalently.

6. Processing Purposes


6.1 Website Operation & Functionality (WordPress)

Our website is built with WordPress, which may process:

  • User session data

  • Login attempts (if accounts exist)

  • Technical logs

  • Security-related data (e.g., firewall logs)

WordPress official policies:
https://wordpress.org/about/privacy/

6.2 WordPress Plugins (General)


We use various WordPress plugins that may process limited data to:

  • Improve performance

  • Secure the website

  • Manage contact forms

  • Optimize caching and delivery

  • Embed media

  • Provide spam filtering (e.g., Akismet)

  • Provide SEO functionalities

Whenever plugins process personal data, they do so under a Data Processing Agreement (DPA) or standard provider policies.

Typical plugin categories:

  • Contact form plugins (collect messages + contact info)

  • Security plugins (log IP addresses to prevent attacks)

  • Backup plugins (store encrypted backups on server)

  • Caching/optimization plugins (store technical cookies)

  • SEO plugins (analyze content, not personal data)

  • Analytics connectors

Specific plugins can be added if you want them listed by name.

7. Zapier Integrations


We use Zapier to automate workflows, including:

  • Contact form submissions → Email notifications

  • Newsletter signups → Brevo subscriber lists

  • Inquiry data → Internal CRM or organizational tools

Zapier may process:

  • Name

  • Email address

  • Message content

  • Metadata such as timestamps

Zapier only processes data to execute automated tasks we configure.

Provider details:
Zapier Inc.
548 Market St. #62411, San Francisco, CA 94104
Privacy Policy: https://zapier.com/privacy/

Data may be transferred to the USA under Standard Contractual Clauses (SCCs).

8. Marketing & Newsletter (Brevo)


We use Brevo (Sendinblue) for newsletters and marketing emails.

Processed data includes:

  • Email address

  • IP address

  • Time of subscription

  • Interaction data (opens, clicks)

  • Unsubscribe information

You can unsubscribe anytime.

Brevo’s policy:
https://www.brevo.com/legal/privacypolicy/

9. Analytics & Advertising Tools

9.1 Google Analytics


Used to track:

  • Page views

  • User behavior

  • Device and browser info

  • Interaction flows

  • Location (approximate)

Features enabled:

  • IP anonymization

  • Consent-based tracking

Privacy Policy:
https://policies.google.com/privacy

9.2 Google Search Console


Provides non-personal, aggregated search performance data.

9.3 Google Ads


Used for:

  • Conversion measurement

  • Remarketing (only with consent)

  • Advertising attribution

Google’s privacy information:
https://policies.google.com/technologies/ads

10. Cookies & Tracking


We use cookies for:

  • Session functionality

  • Language settings

  • Analytics

  • Advertising

  • Security

  • WordPress plugin operations

Users can accept, decline, or customize cookie settings via the consent banner.

Cookies can also be deleted in browser settings.

11. Data Sharing


Data may be shared with:

  • Hosting providers

  • WordPress plugin providers

  • Google (Analytics, Ads, Search Console)

  • Brevo (email marketing)

  • Zapier (automation)

  • IT or security consultants

  • Legal authorities if required

We never sell personal data.

All processors operate under DPAs or equivalent safeguards.

12. International Transfers


Data may be stored or processed in:

  • Switzerland

  • EU/EEA

  • USA (Zapier, Google)

Transfers rely on:

  • Standard Contractual Clauses

  • Adequacy decisions

  • Appropriate technical safeguards

13. Data Retention


  • Inquiry data: up to 24 months

  • Newsletter subscriptions: until unsubscribed

  • Analytics data: 26 months

  • Log files: up to 12 months

  • Contractual data: 10 years

  • Backups (encrypted): up to 30–90 days, depending on system

14. Security Measures


We apply:

  • SSL/TLS encryption

  • Secure hosting infrastructure

  • Firewalls & malware scanning

  • WordPress hardening

  • Role-based access control

  • Regular software updates

  • Two-factor authentication for admin systems

  • Encrypted data transfers

  • Frequent backups

15. User Rights


You may request:

  • Access to your data

  • Rectification

  • Deletion

  • Restriction of processing

  • Data portability

  • Objection to processing

  • Withdrawal of consent

Contact us at:
yeah@plush74.com

You also have the right to lodge a complaint with supervisory authorities.

16. Supervisory Authorities


Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
https://www.edoeb.admin.ch

EU:
List of GDPR supervisory authorities
https://edpb.europa.eu/about-edpb/board/members_en

17. External Links


We are not responsible for the privacy practices of external websites linked from our website.

18. Changes to This Policy


We may update this Privacy Policy to reflect:

  • Legal changes

  • Technical changes

  • New features or services

The latest version will always be published on this page.

19. Contact


For all data protection matters:

PLUSH74 Switzerland AG
Zähringerplatz 11
CH-8001 Zurich

Email: yeah@plush74.com
Phone: 030 70016966

plush74 logo