Prof. Peter's Original Divine Noni

Privacy Notice

Last updated: 2026-05-29

This notice explains how we process your personal data when you use this website or buy our products. We are the company behind Divine Noni (full wordmark "Prof. Peter's Original Divine Noni"). In this notice "we", "us", and "our" mean the data controller named below.

We are domiciled in Switzerland and we sell across Europe, including the European Union and the European Economic Area (EU/EEA), Switzerland, and Norway. For that reason this notice is written to comply with two laws at once:

  • the Swiss revised Federal Act on Data Protection (revFADP, also known as nFADP, nLPD, or revDSG), in force since 1 September 2023; and
  • the EU General Data Protection Regulation (GDPR), for data subjects in the EU/EEA.

Where the two regimes use different words for the same right, we give you the stronger of the two. The Swiss Federal Data Protection and Information Commissioner (FDPIC) and your local EU/EEA supervisory authority both apply.

Data controller

The data controller responsible for your personal data is:

  • [TO BE COMPLETED: registered legal name]
  • [TO BE COMPLETED: legal form, e.g. GmbH / Sàrl / AG / SA]
  • [TO BE COMPLETED: registered address including canton and country]
  • Commercial register: [TO BE COMPLETED: commercial register entry and UID, e.g. CHE-123.456.789]
  • VAT / MWST: [TO BE COMPLETED: VAT / MWST number, e.g. CHE-123.456.789 MWST]

For any privacy question, write to privacy@divinenoni.com. For general support, write to support@divinenoni.com.

Because the controller is domiciled in Switzerland, it is the Swiss entity that is responsible for your data under both the revFADP and, for EU/EEA data subjects, the GDPR.

EU representative (GDPR Article 27)

The controller is established in Switzerland, which is outside the EU/EEA, and we offer goods to people in the EU/EEA. Under Article 27 GDPR we have appointed an EU representative. You may contact the representative on all matters relating to the processing of your personal data, in addition to contacting us directly. Supervisory authorities may also use this contact.

Our EU representative is:

  • [TO BE COMPLETED: name and EU address of the Article 27 EU representative]

No Swiss representative needed

Article 14 revFADP requires a Swiss representative only for controllers domiciled abroad. Our controller is domiciled in Switzerland, so no Swiss Article 14 representative is required. The EU Article 27 representative above is a separate, EU-side requirement.

Data protection contact

We have not appointed a data protection officer (DPO). We are not required to appoint one under the GDPR or the revFADP on our current processing. The contact point for all privacy and data protection matters is privacy@divinenoni.com. We answer every request sent to that address.

If we appoint a DPO in future, we will name them and their contact details here.

What personal data we collect, and why

We collect only the data we need to run the store and serve you. We collect it directly from you. The categories are:

Category of dataWhat it includesWhy we process it
Identity and contact dataName, email addressCreating and managing your account, contacting you
Delivery dataDelivery addressFulfilling and shipping your order
Order and subscription dataOrder history, subscription status and billing cycleManaging your orders and subscription, customer support
Payment dataCard or bank details, handled entirely by StripeTaking payment and managing recurring billing. We never see or store full card numbers
Technical dataIP address, basic device dataSecurity and fraud prevention
Site usage dataPages visited, referrers, aggregated onlyUnderstanding how the store is used, via Plausible (cookieless)

Legal basis for each purpose

Under the GDPR every purpose needs a legal basis under Article 6. The revFADP does not use the same list of bases, but it requires that processing be lawful, proportionate, in good faith, and for a purpose you can recognise. The table below maps both.

PurposeGDPR legal basis (Article 6)revFADP basis
Order fulfilment and subscription managementArticle 6(1)(b), performance of a contractProcessing necessary to perform the contract you entered
Transactional email (order confirmation, shipping, account notices)Article 6(1)(b), performance of a contractProcessing necessary to perform the contract
Security and fraud preventionArticle 6(1)(f), legitimate interestsLawful processing for a recognisable purpose, balanced against your interests
Cookieless analytics (Plausible)Article 6(1)(f), legitimate interestsLawful processing for a recognisable purpose, aggregate only
Keeping order and accounting recordsArticle 6(1)(c), legal obligationStatutory record-keeping duty under Swiss law
Marketing emailArticle 6(1)(a), consentConsent, which you can withdraw at any time

Our legitimate interests

Where we rely on legitimate interests (Article 6(1)(f) GDPR), the specific interests are:

  • Security and fraud prevention: protecting the website, our customers, and us from fraud, abuse, and misuse.
  • Cookieless analytics: understanding aggregate site usage so we can keep the store working well and improve it.

In each case we have weighed our interest against your rights and freedoms. The analytics are aggregate and cookieless, and the security data is the minimum needed. You can object to processing based on legitimate interests at any time (see "Your rights" below).

Whether you must provide your data

Providing certain personal data is a contractual requirement. To enter and perform a purchase or subscription contract with us, we need your name, delivery address, and payment data. Without this data we cannot accept your order, ship to you, or manage a subscription. Providing marketing consent is always optional and never a condition of buying from us.

Recipients and sub-processors

We share your data only with the sub-processors below, and only as far as needed to deliver the service. Each acts under a contract that requires it to protect your data.

Sub-processorRole
**Stripe**Payment processing and subscription billing
**Resend**Transactional and marketing email delivery
**Supabase**Database hosting (EU region)
**Sendcloud**Shipping and delivery management
**Vercel**Website hosting and edge functions
**Plausible**Cookieless site analytics

We do not sell your personal data. We do not share your personal data for advertising purposes.

International transfers

We are a Swiss controller, so your data is processed under Swiss law. Switzerland and the EU/EEA recognise each other as providing an adequate level of data protection: the EU has issued an adequacy decision for Switzerland, and the Swiss Federal Council lists the EU/EEA as adequate in Annex 1 to the Data Protection Ordinance. Transfers between Switzerland and the EU/EEA therefore rest on adequacy.

Some sub-processors may process data in a country outside both Switzerland and the EU/EEA. Where that happens, the transfer relies on a recognised safeguard:

  • an adequacy decision (EU) or inclusion on the Swiss Federal Council adequacy list (revFADP Article 16), where one applies; or
  • the EU Standard Contractual Clauses, with the Swiss addendum recognised by the FDPIC, under Chapter V GDPR and revFADP Article 16/17.

The Federal Council adequacy list (Data Protection Ordinance, Annex 1) governs which countries are deemed adequate for Swiss transfers, and the FDPIC publishes guidance on transfers abroad. You can request a copy of the safeguards we rely on, and the current list of sub-processors with their data locations, by writing to privacy@divinenoni.com.

How long we keep your data

We keep data only as long as we need it for the purpose we collected it, in line with the proportionality principle (revFADP Article 6(4)) and storage limitation under the GDPR.

DataRetentionBasis
Order and accounting records10 yearsLegal obligation: Swiss Code of Obligations Article 958f and equivalent EU tax and accounting law (GDPR Article 6(1)(c))
Account dataWhile your account is active, then deleted within 30 days of a deletion request, subject to the 10-year record-keeping duty aboveContract, then erasure on request
Marketing consentUntil you withdraw consentConsent
Analytics dataAggregate only, no personal identifiers retainedLegitimate interests

Records of processing

We keep a record of our processing activities, as required by revFADP Article 12 (and Article 30 GDPR where it applies). The small-business exemption for the record-keeping duty does not remove our duty to inform you under revFADP Article 19. We keep these records available to the FDPIC on request.

Your rights

You have strong rights over your personal data under both the revFADP and the GDPR. We give you the stronger protection of the two. Your rights include:

  • Information and access: to know whether we process your data and to receive a copy of it (GDPR Article 15, revFADP Article 25).
  • Rectification: to have inaccurate data corrected (GDPR Article 16, revFADP Article 32).
  • Erasure: to have your data deleted, subject to legal retention duties such as the 10-year accounting rule (GDPR Article 17, revFADP right to deletion).
  • Restriction: to ask us to restrict processing in certain cases, for example while we check the accuracy of your data (GDPR Article 18).
  • Data portability and data handover: to receive your data in a structured, common, machine-readable format, or have it handed over (GDPR Article 20, revFADP Article 28).
  • Objection: to object to processing based on our legitimate interests, including profiling, at any time (GDPR Article 21, revFADP objection right).
  • Withdraw consent: to withdraw consent at any time where processing is based on consent (see below).

To exercise any of these rights, write to privacy@divinenoni.com. We will respond within one month. For complex or numerous requests we may extend this by up to two further months under GDPR Article 12(3), and we will tell you if we need to.

Withdrawing consent

Where we process your data on the basis of consent, which for us means marketing email, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing we carried out before you withdrew it. To withdraw, use the unsubscribe link in any marketing email or write to privacy@divinenoni.com.

Complaints to a supervisory authority

You can always contact us first at privacy@divinenoni.com, and we will try to resolve your concern. You also have the right to lodge a complaint with a supervisory authority.

  • EU/EEA data subjects: you may complain to the data protection authority of your country of habitual residence, your place of work, or the place of the alleged infringement.
  • Switzerland: you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC).

The FDPIC is:

  • Eidgenoessischer Datenschutz- und Oeffentlichkeitsbeauftragter (EDOEB)
  • Feldeggweg 1, CH-3003 Bern, Switzerland
  • Online report form and current contact details: edoeb.admin.ch

The FDPIC supervises private controllers and can open investigations under revFADP Article 49 and following. Up-to-date contact details for the FDPIC and for EU/EEA authorities are published on their own websites.

Cookies and analytics

We use cookieless analytics. Our analytics provider, Plausible, sets no tracking cookies and stores no information on your device beyond what is strictly necessary. Because we set no tracking or profiling cookies, we rely on the strictly-necessary exemption in Article 5(3) of the EU ePrivacy Directive (2002/58/EC), and no cookie consent banner is required.

Switzerland has no general ePrivacy-style cookie consent statute. Transparency under revFADP Article 19, which this notice provides, is sufficient. The purpose of the analytics is aggregate site measurement only. There is no personal profiling.

If we ever set a strictly-necessary cookie (for example a session, cart, or security cookie), it would rely on the same strictly-necessary exemption and would not be used for tracking.

Automated decision-making and profiling

We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. Our analytics are cookieless and aggregate, and we do not profile you for advertising. This is the position under both GDPR Article 22 and revFADP Article 21. If this ever changes, we will tell you, explain the logic involved, and tell you about your right to state your view and to request human review.

Source of data

We collect all personal data directly from you. We do not buy or receive your personal data from third-party sources. For that reason the third-party source disclosure under GDPR Article 14 does not apply. If we ever receive personal data about you from another source, for example fraud-screening signals from a payment provider, we will tell you the source and the categories of data concerned.

Children

This website and our products are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has given us personal data, write to privacy@divinenoni.com and we will delete it.

A note on the product

Divine Noni is a food supplement and daily wellness drink. It is not a medicine or a medical device. It is not intended to diagnose, treat, or prevent any disease.

Updates to this notice

We will update this notice when our data practices change. We will tell active subscribers about material changes by email. The "Last updated" date at the top of this page always reflects the most recent revision.