Applicable Law — Please Read. Nutrivial.com is operated from Switzerland. The primary applicable law is the Swiss Federal Act on Data Protection (FADP / nDSG), which entered into force on 1 September 2023. If you are located in the European Union or European Economic Area, the EU General Data Protection Regulation (GDPR) also applies due to its extraterritorial scope (Art. 3 GDPR). This policy complies with both laws. Where they differ, we apply the higher standard. Because we collect health-related and sensitive personal data, we apply the highest level of protection available under both laws.
Nutrivial.com is the data controller responsible for your personal data.
Website: https://www.nutrivial.com
Email: health@nutrivial.com
Supervisory authority (Switzerland): Federal Data Protection and Information Commissioner (FDPIC) — www.edoeb.admin.ch
If you are in the EU/EEA, you may also contact your national data protection authority (see Section 9).
We collect different categories of data depending on how you use our website and services.
When you browse our website we automatically collect:
This data is collected via cookies and analytics tools. See our Cookie Policy for details.
When you contact us via our website contact form we collect your name, email address, and the content of your message.
If you subscribe to our newsletter (when available) we collect your email address and, optionally, your first name.
Sensitive Personal Data. Under the Swiss FADP (Art. 5(c)), health data, medication data, and data about your relationship with food are classified as sensitive personal data. Under EU GDPR (Art. 9), this constitutes special category data. We collect this data only with your explicit written consent before any processing begins. You may withdraw consent at any time without disadvantage.
When you subscribe to our nutrition coaching service we collect:
Sensitive Personal Data. The Nutrivial nutrition tool also collects health-related sensitive data under both the FADP and GDPR. We collect and process this data only with your explicit consent, obtained before you begin using the tool.
When you use the Nutrivial nutrition analysis tool we collect:
Under both the FADP and GDPR, we must have a lawful basis for every type of processing.
| Purpose | Legal Basis — FADP | Legal Basis — GDPR |
|---|---|---|
| Operate the website | Legitimate interests (Art. 31) | Legitimate interests (Art. 6(1)(f)) |
| Respond to contact form | Legitimate interests (Art. 31) | Legitimate interests (Art. 6(1)(f)) |
| Send newsletter | Consent (Art. 6(6)) | Consent (Art. 6(1)(a)) |
| Deliver coaching service | Contract + Explicit consent (Art. 6(6)) | Contract (Art. 6(1)(b)) + Explicit consent (Art. 9(2)(a)) |
| Operate nutrition tool | Explicit consent (Art. 6(6)) | Explicit consent (Art. 6(1)(a) + Art. 9(2)(a)) |
| Improve website (analytics) | Legitimate interests or Consent | Legitimate interests or Consent (Art. 6(1)(f)/(a)) |
| Comply with legal obligations | Legal obligation (Art. 31) | Legal obligation (Art. 6(1)(c)) |
Health data, medication data, and data about your relationship with food are sensitive personal data under both the FADP and GDPR. We apply the following additional safeguards:
If and when we introduce a newsletter service:
We do not sell your personal data. We share data only where necessary and only with the following categories of recipients, all bound by data processing agreements.
We may disclose data to competent authorities (Swiss or EU) where required by law, court order, or to protect legal rights.
| Data Category | Retention Period | Basis |
|---|---|---|
| Website contact form | 12 months from last contact | Legitimate interests |
| Newsletter subscriptions | Until you unsubscribe | Consent; deleted on withdrawal |
| Coaching service — general data | Coaching period + 2 years | Contract performance |
| Coaching service — health data | Coaching period + 2 years | Explicit consent; deletable on request |
| Nutrition tool data | Account life + 12 months after last use | Explicit consent; deletable on request at any time |
| Analytics data | Up to 26 months (anonymised) | Legitimate interests / consent |
| Financial / invoicing records | 10 years | Swiss legal obligation (Art. 958f CO) |
You may request early deletion of any data at any time (see Section 9). Health data will always be deleted promptly on request.
Your personal data is primarily stored on servers operated by Green.ch, located in Switzerland. Switzerland benefits from an EU adequacy decision: the European Commission recognised Switzerland as providing an adequate level of data protection (decision of 26 July 2000, confirmed on 15 January 2024 under the GDPR framework). Data flows between Switzerland and the EU/EEA are therefore unrestricted in both directions.
We use Google Analytics, which may transfer anonymised usage data to Google LLC servers in the United States. Transfer safeguards in place:
Google privacy policy: policies.google.com/privacy
Google Analytics opt-out: tools.google.com/dlpage/gaoptout
Beyond Google Analytics, we do not knowingly transfer your personal data outside Switzerland or the EU/EEA. If we add an email marketing provider based outside Switzerland or the EU/EEA, we will ensure appropriate transfer safeguards are in place and update this section accordingly.
You have the following rights regarding your personal data. To exercise any right, email health@nutrivial.com. We will respond within 30 days.
| Your Right | Under FADP | Under GDPR |
|---|---|---|
| Right of access | Art. 25 FADP | Art. 15 GDPR |
| Right to rectification | Art. 32 FADP | Art. 16 GDPR |
| Right to erasure / deletion | Art. 32 FADP | Art. 17 GDPR |
| Right to restriction of processing | Honoured voluntarily | Art. 18 GDPR |
| Right to data portability | Art. 28 FADP | Art. 20 GDPR |
| Right to object | Art. 30 FADP | Art. 21 GDPR |
| Right to withdraw consent | Art. 6(7) FADP | Art. 7(3) GDPR |
| Right to lodge a complaint | FDPIC (edoeb.admin.ch) | Your national DPA |
Swiss supervisory authority: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern — www.edoeb.admin.ch
EU/EEA users may also lodge complaints with their national data protection authority (e.g. Ireland: dataprotection.ie; Netherlands: autoriteitpersoonsgegevens.nl).
We take appropriate technical and organisational measures to protect your personal data, including:
In the event of a personal data security breach likely to result in high risk to your rights:
Under the Swiss FADP, penalties for deliberate violations are imposed on responsible individuals and can reach up to CHF 250,000. Under the GDPR, fines can reach up to €20 million or 4% of global annual turnover. We take compliance seriously.
Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at health@nutrivial.com and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes to our services, data practices, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top and, where appropriate, notify you by email. We encourage you to review this page periodically.
Data Controller Contact
Nutrivial.com
Email: health@nutrivial.com
Website: https://www.nutrivial.com
Supervisory authority: FDPIC — www.edoeb.admin.ch
We aim to respond to all data protection enquiries within 30 days.
© 2026 Nutrivial. All rights reserved.