Last updated: 2026-05-29
This notice explains how we process your personal data when you use this website or buy our products. We are the company behind Divine Noni (full wordmark "Prof. Peter's Original Divine Noni"). In this notice "we", "us", and "our" mean the data controller named below.
We are domiciled in Switzerland and we sell across Europe, including the European Union and the European Economic Area (EU/EEA), Switzerland, and Norway. For that reason this notice is written to comply with two laws at once:
Where the two regimes use different words for the same right, we give you the stronger of the two. The Swiss Federal Data Protection and Information Commissioner (FDPIC) and your local EU/EEA supervisory authority both apply.
The data controller responsible for your personal data is:
For any privacy question, write to privacy@divinenoni.com. For general support, write to support@divinenoni.com.
Because the controller is domiciled in Switzerland, it is the Swiss entity that is responsible for your data under both the revFADP and, for EU/EEA data subjects, the GDPR.
The controller is established in Switzerland, which is outside the EU/EEA, and we offer goods to people in the EU/EEA. Under Article 27 GDPR we have appointed an EU representative. You may contact the representative on all matters relating to the processing of your personal data, in addition to contacting us directly. Supervisory authorities may also use this contact.
Our EU representative is:
Article 14 revFADP requires a Swiss representative only for controllers domiciled abroad. Our controller is domiciled in Switzerland, so no Swiss Article 14 representative is required. The EU Article 27 representative above is a separate, EU-side requirement.
We have not appointed a data protection officer (DPO). We are not required to appoint one under the GDPR or the revFADP on our current processing. The contact point for all privacy and data protection matters is privacy@divinenoni.com. We answer every request sent to that address.
If we appoint a DPO in future, we will name them and their contact details here.
We collect only the data we need to run the store and serve you. We collect it directly from you. The categories are:
| Category of data | What it includes | Why we process it |
|---|---|---|
| Identity and contact data | Name, email address | Creating and managing your account, contacting you |
| Delivery data | Delivery address | Fulfilling and shipping your order |
| Order and subscription data | Order history, subscription status and billing cycle | Managing your orders and subscription, customer support |
| Payment data | Card or bank details, handled entirely by Stripe | Taking payment and managing recurring billing. We never see or store full card numbers |
| Technical data | IP address, basic device data | Security and fraud prevention |
| Site usage data | Pages visited, referrers, aggregated only | Understanding how the store is used, via Plausible (cookieless) |
Under the GDPR every purpose needs a legal basis under Article 6. The revFADP does not use the same list of bases, but it requires that processing be lawful, proportionate, in good faith, and for a purpose you can recognise. The table below maps both.
| Purpose | GDPR legal basis (Article 6) | revFADP basis |
|---|---|---|
| Order fulfilment and subscription management | Article 6(1)(b), performance of a contract | Processing necessary to perform the contract you entered |
| Transactional email (order confirmation, shipping, account notices) | Article 6(1)(b), performance of a contract | Processing necessary to perform the contract |
| Security and fraud prevention | Article 6(1)(f), legitimate interests | Lawful processing for a recognisable purpose, balanced against your interests |
| Cookieless analytics (Plausible) | Article 6(1)(f), legitimate interests | Lawful processing for a recognisable purpose, aggregate only |
| Keeping order and accounting records | Article 6(1)(c), legal obligation | Statutory record-keeping duty under Swiss law |
| Marketing email | Article 6(1)(a), consent | Consent, which you can withdraw at any time |
Where we rely on legitimate interests (Article 6(1)(f) GDPR), the specific interests are:
In each case we have weighed our interest against your rights and freedoms. The analytics are aggregate and cookieless, and the security data is the minimum needed. You can object to processing based on legitimate interests at any time (see "Your rights" below).
Providing certain personal data is a contractual requirement. To enter and perform a purchase or subscription contract with us, we need your name, delivery address, and payment data. Without this data we cannot accept your order, ship to you, or manage a subscription. Providing marketing consent is always optional and never a condition of buying from us.
We share your data only with the sub-processors below, and only as far as needed to deliver the service. Each acts under a contract that requires it to protect your data.
| Sub-processor | Role |
|---|---|
| **Stripe** | Payment processing and subscription billing |
| **Resend** | Transactional and marketing email delivery |
| **Supabase** | Database hosting (EU region) |
| **Sendcloud** | Shipping and delivery management |
| **Vercel** | Website hosting and edge functions |
| **Plausible** | Cookieless site analytics |
We do not sell your personal data. We do not share your personal data for advertising purposes.
We are a Swiss controller, so your data is processed under Swiss law. Switzerland and the EU/EEA recognise each other as providing an adequate level of data protection: the EU has issued an adequacy decision for Switzerland, and the Swiss Federal Council lists the EU/EEA as adequate in Annex 1 to the Data Protection Ordinance. Transfers between Switzerland and the EU/EEA therefore rest on adequacy.
Some sub-processors may process data in a country outside both Switzerland and the EU/EEA. Where that happens, the transfer relies on a recognised safeguard:
The Federal Council adequacy list (Data Protection Ordinance, Annex 1) governs which countries are deemed adequate for Swiss transfers, and the FDPIC publishes guidance on transfers abroad. You can request a copy of the safeguards we rely on, and the current list of sub-processors with their data locations, by writing to privacy@divinenoni.com.
We keep data only as long as we need it for the purpose we collected it, in line with the proportionality principle (revFADP Article 6(4)) and storage limitation under the GDPR.
| Data | Retention | Basis |
|---|---|---|
| Order and accounting records | 10 years | Legal obligation: Swiss Code of Obligations Article 958f and equivalent EU tax and accounting law (GDPR Article 6(1)(c)) |
| Account data | While your account is active, then deleted within 30 days of a deletion request, subject to the 10-year record-keeping duty above | Contract, then erasure on request |
| Marketing consent | Until you withdraw consent | Consent |
| Analytics data | Aggregate only, no personal identifiers retained | Legitimate interests |
We keep a record of our processing activities, as required by revFADP Article 12 (and Article 30 GDPR where it applies). The small-business exemption for the record-keeping duty does not remove our duty to inform you under revFADP Article 19. We keep these records available to the FDPIC on request.
You have strong rights over your personal data under both the revFADP and the GDPR. We give you the stronger protection of the two. Your rights include:
To exercise any of these rights, write to privacy@divinenoni.com. We will respond within one month. For complex or numerous requests we may extend this by up to two further months under GDPR Article 12(3), and we will tell you if we need to.
Where we process your data on the basis of consent, which for us means marketing email, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing we carried out before you withdrew it. To withdraw, use the unsubscribe link in any marketing email or write to privacy@divinenoni.com.
You can always contact us first at privacy@divinenoni.com, and we will try to resolve your concern. You also have the right to lodge a complaint with a supervisory authority.
The FDPIC is:
The FDPIC supervises private controllers and can open investigations under revFADP Article 49 and following. Up-to-date contact details for the FDPIC and for EU/EEA authorities are published on their own websites.
We use cookieless analytics. Our analytics provider, Plausible, sets no tracking cookies and stores no information on your device beyond what is strictly necessary. Because we set no tracking or profiling cookies, we rely on the strictly-necessary exemption in Article 5(3) of the EU ePrivacy Directive (2002/58/EC), and no cookie consent banner is required.
Switzerland has no general ePrivacy-style cookie consent statute. Transparency under revFADP Article 19, which this notice provides, is sufficient. The purpose of the analytics is aggregate site measurement only. There is no personal profiling.
If we ever set a strictly-necessary cookie (for example a session, cart, or security cookie), it would rely on the same strictly-necessary exemption and would not be used for tracking.
We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. Our analytics are cookieless and aggregate, and we do not profile you for advertising. This is the position under both GDPR Article 22 and revFADP Article 21. If this ever changes, we will tell you, explain the logic involved, and tell you about your right to state your view and to request human review.
We collect all personal data directly from you. We do not buy or receive your personal data from third-party sources. For that reason the third-party source disclosure under GDPR Article 14 does not apply. If we ever receive personal data about you from another source, for example fraud-screening signals from a payment provider, we will tell you the source and the categories of data concerned.
This website and our products are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has given us personal data, write to privacy@divinenoni.com and we will delete it.
Divine Noni is a food supplement and daily wellness drink. It is not a medicine or a medical device. It is not intended to diagnose, treat, or prevent any disease.
We will update this notice when our data practices change. We will tell active subscribers about material changes by email. The "Last updated" date at the top of this page always reflects the most recent revision.