Privacy policy

Last updated: 5 April 2026

HOLYGRADE operates this shop and website, including all associated information, content, features, tools, products and services, to provide you as a customer with a personalised shopping experience (the "Services"). HOLYGRADE is built on Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use or share personal data when you visit, use or make a purchase or other transaction using the Services, or otherwise communicate with us. In the event of a conflict between our general terms and conditions and this Privacy Policy, this Privacy Policy shall take precedence with respect to the collection, processing and sharing of your personal data.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you confirm that you have read this Privacy Policy and agree to the collection, use and sharing of your information as described in this Privacy Policy.

What personal data do we collect or process?

When we use the term "personal data", we refer to information that identifies you or another person, or can be directly associated with you. Personal data does not include information that is collected anonymously or has been anonymised such that identification or association with your person is not possible. Depending on how you interact with the Services, where you reside and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from such personal data:

  • Contact data including name, postal address, billing address, delivery address, telephone number and email address.
  • Financial data including credit, debit card and financial account numbers, payment card information, financial account information, transaction details, payment method, payment confirmation and other payment details.
  • Account information including username, password, security questions, configurations and settings.
  • Transaction information including the items you view, add to your cart, add to your wish list, purchase, return, exchange or cancel, as well as your past transactions.
  • Communications with us including information you provide when communicating with us, for example when you send a customer support request.
  • Device information including information about your device, browser or network connection, IP address and other unique identifiers.
  • Usage information including information about your interaction with the Services, including how and when you interact with or browse the Services.

Sources of personal data

We may collect personal data from the following sources:

  • Directly from you. We collect data, among other things, when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
  • Automatically via the Services. We collect data, among other things, from your device or when you use our products or Services or visit our website, including through the use of cookies and similar technologies.
  • From our service providers. We collect data, among other things, when we engage service providers to enable certain technologies and they collect or process your personal data on our behalf.
  • From our partners and other third parties.

How do we use your personal data?

Depending on how you interact with us or which of the Services you use, we may use personal data for the following purposes:

  • Providing, customising and improving the Services. We use your personal data to provide the Services to you. This includes, among other things, fulfilling our contract with you, processing your payments, fulfilling your orders, saving your configurations and items of interest, sending notifications relating to your account, creating, maintaining and otherwise managing your account, arranging shipping, facilitating returns and exchanges, enabling you to leave reviews, and creating a personalised shopping experience for you, for example by recommending products based on your purchases. This may also include using your personal data to better customise and improve the Services.
  • Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send marketing and promotional communications by email, SMS or post, and to show you online advertising for products or services relating to the Services or other websites, including based on items you have previously purchased or added to your cart, as well as other activities relating to the Services.
  • Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate or take action against potentially fraudulent, illegal, unsafe or malicious activities, protect public safety and ensure the security of our Services. If you choose to use the Services and register an account, you are responsible for protecting your account credentials. We strongly recommend that you do not share your username, password or other access credentials with other people.
  • Communicating with you. We use your personal data to provide customer support and effective Services, to respond to your enquiries in a timely manner and to maintain our business relationship with you.
  • Legal reasons. We use your personal data to comply with applicable law or to respond to lawful legal proceedings, including requests from law enforcement or regulatory authorities, to investigate or participate in civil investigations, potential or actual litigation or other adversarial proceedings, and to investigate potential violations of our terms or policies or to enforce our terms and policies.

How do we share personal data?

In certain circumstances, we may share your personal data with third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include:

  • At Shopify, these are providers and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping).
  • We share personal data with business and marketing partners who provide marketing services for you and display advertising to you. We use Shopify, for example, to support personalised advertising with third-party services based on your online activity across various merchants and websites. Our business and marketing partners use your data in accordance with their own privacy policies. Depending on where you reside, you may have the right to instruct us not to share information about you in order to show you targeted advertising and marketing based on your online activity across various merchants and websites.
  • Where you request or otherwise consent to certain information being shared with third parties, for example to deliver products to you, or where you use social media widgets or login integrations.
  • We share personal data with our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or insolvency, to comply with applicable legal obligations (including responding to subpoenas, search warrants and similar requests), to enforce applicable terms of service or policies, and to protect or defend the Services, our rights and the rights of our users or others.

Web Analytics with Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) on this website, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Analytics uses so-called "cookies" and similar technologies (e.g. local storage) that enable analysis of your use of the website.

Data processed: IP address (truncated / IP anonymisation active), device and browser information, approximate location (country/region), pages visited, time on site, click and scroll behaviour, referral source. No directly identifying personal data is transmitted to Google.

Property ID: 533591699 (HOLYGRADE Shop) · Measurement ID: G-8BSCYSJKJ4

Legal basis: Your consent pursuant to Art. 6(1)(a) GDPR (General Data Protection Regulation) and Art. 31(1) of the Swiss Federal Act on Data Protection (FADP). Prior to setting analytical cookies, we actively request your consent via our cookie banner. No implied or assumed consent is used.

Retention period: 14 months for event and user data in GA4.

Withdrawal of consent: You may withdraw your consent at any time via the cookie banner (link "Cookie Settings" in the footer). You may also install the browser add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout.

Data transfer to the USA: Google may transfer personal data to the USA. Google is certified under the EU–US Data Privacy Framework. Further information: https://policies.google.com/privacy.

Cookies and Similar Technologies

This website uses the following categories of cookies and similar technologies:

  • Necessary cookies: Required for shopping cart, login session and security (e.g. CSRF protection). Set without consent — legal basis Art. 6(1)(b) GDPR.
  • Analytics cookies (Google Analytics 4): Only set after active consent in the cookie banner.
  • Functional cookies (Shopify): E.g. language and currency preferences.

A full list of cookies used, their retention periods and providers can be found in our Cookie Settings (link in the footer).

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal data about your access to and use of the Services in order to provide and improve the Services for you. Data you submit to the Services is shared with Shopify and with third parties that may be located in countries other than your country of residence, in order to provide and improve the Services for you. To protect, expand and improve our business, we also use certain advanced Shopify features that incorporate data and information from your interactions with our shop, with other merchants and with Shopify. To provide these advanced features, Shopify may use personal data collected from your interactions with our shop, other merchants and Shopify. In such circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes. For more information about how Shopify uses your personal data and what rights you have, please see the Shopify Consumer Privacy Policy. Depending on where you reside, you may exercise certain rights in relation to your personal data listed here via the Shopify Privacy Portal.

Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliated with or controlled by us, you should review their privacy and security policies and any other terms and conditions. We make no guarantees and accept no responsibility for the privacy or security of such websites, including the accuracy, completeness or reliability of the information found on those websites. Information you provide in public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms, without restriction on their use by us or by a third party. Our inclusion of such links does not imply that we endorse the content on those platforms or their owners or operators, unless expressly stated in the Services.

Children's Data

The Services are not intended for use by children, and we do not knowingly collect personal data from children who have not yet reached the age of majority in your country. If you are the parent or guardian of a child who has provided us with their personal data, you may contact us using the contact details below to request deletion of that data. At the time this Privacy Policy came into effect, we have no knowledge of having "shared" or "sold" (as defined under applicable law) personal data of individuals under the age of 16.

Security and Retention of Your Data

Please note that no security measures are perfect or impenetrable, and we therefore cannot guarantee "perfect security". Furthermore, information you send to us may be subject to risks during transmission. We recommend that you do not use insecure channels when transmitting sensitive or confidential information to us.

How long we retain your personal data depends on various factors, including whether we need the data to manage your account, provide Services to you, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your Rights and Options

Depending on where you reside, you may have some or all of the rights set out below in relation to your personal data. However, these rights are not absolute, may only apply in certain circumstances, and in certain cases we may decline your request to the extent permitted by law.

  • Right of access. You may have the right to request access to the personal data we hold about you.
  • Right to erasure. You may have the right to request that we erase the personal data we hold about you.
  • Right to rectification. You may have the right to request that we correct inaccurate personal data we hold about you.
  • Right to data portability. You may have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party in certain circumstances and subject to certain exceptions.
  • Managing communication preferences. We may send you promotional emails. You may opt out of receiving these emails at any time by using the unsubscribe option included in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders you have placed.

If you reside in the United Kingdom or the European Economic Area, you may, subject to exceptions and limitations under local law, exercise the following rights in addition to those listed above:

  • Right to object and right to restriction of processing. You may have the right to request that we stop or restrict the processing of personal data for certain purposes.
  • Withdrawal of consent. Where we rely on consent as the legal basis for processing your personal data, you have the right to withdraw that consent. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of your consent prior to its withdrawal.

You may exercise these rights where indicated in the Services, or by contacting us using the contact details provided below. For more information about how Shopify uses your personal data and what rights you have, including rights in relation to data processed by Shopify, please visit https://privacy.shopify.com/en.

Exercising these rights will not result in any disadvantage to you. To the extent permitted or required by applicable law, we may need to verify your identity before processing your requests. In accordance with applicable law, you may designate an authorised agent to submit requests to exercise your rights on your behalf. Before accepting such a request from a representative, we require that representative to provide evidence that you have authorised them to act on your behalf. This may require you to confirm your identity directly with us. We will respond to your request promptly in accordance with applicable law.

Complaints

If you have complaints about how we process your personal data, please contact us using the contact details provided below. Depending on where you reside, you have the right to appeal our decision by contacting us at the details below or by filing a complaint with the competent data protection authority. A list of the competent data protection supervisory authorities for the European Economic Area is available here.

International Transfers

Please note that we may transfer, store and process your personal data outside the country in which you reside.

Where we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognised transfer mechanisms such as the European Commission's standard contractual clauses or equivalent contracts issued by the relevant competent authority in the United Kingdom, unless the data transfer is to a country that has been confirmed to offer an adequate level of protection.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, or for other operational, legal or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date accordingly, and make any notifications required by applicable law.

Contact

If you have questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please contact us by phone at +41 76 282 50 66, by email at support@holygrade.com, or by post at Blockreaction Investments GmbH (brand HOLYGRADE), Kirchstrasse 10, 4227 Büsserach, Switzerland. For the purposes of applicable data protection law, we are the data controller of your personal data.