Privacy Policy

www.paintandpick.com | Last updated: January 2026

1. Introduction and Scope

With this privacy policy we inform you about the processing of your personal data in connection with the use of our website www.paintandpick.com. This privacy policy complies with the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR).

The use of our website requires acceptance of this privacy policy and consent to data processing.

2. Responsible Party

Responsible for data processing is:

Paint and Pick
Marco Baumgartner
Zeughausstrasse 4
3400 Burgdorf, Switzerland
E-Mail:

3. Types of Data Collected

3.1 Automatically Collected Data

Each time you access our website, technical access data is automatically collected, including anonymized IP address, browser type, operating system, pages visited, and date and time of access.

3.2 Cookies and Similar Technologies

Our website uses cookies. Cookies are small text files stored on your device. We use:

  • Technically necessary cookies for website operation
  • Language cookies to store your preferred language
  • Authentication cookies for login

3.3 Account Data

When registering, the following data is collected:

  • Email address (required)
  • Display name (optional)
  • Password (stored encrypted)

4. Advertising Statistics for Companies

When a shopping list with company logo is printed, we collect anonymous statistics for advertising companies.

Privacy-friendly: We store NO IP addresses and NO personal data. Users remain completely anonymous.

4.1 What is stored?

Data Stored? Purpose
IP Address NO -
Name/Email NO -
City/Region YES Statistics for companies
Country YES Statistics for companies
Timestamp YES Statistics for companies
IP Hash (daily) YES Spam protection only

4.2 GeoIP Service

For location detection we use the free, non-commercial service ip-api.com. This service provides us only with city and country based on the IP address - the IP itself is not stored.

  • The IP address is only used temporarily for the query
  • Only city/region and country are stored
  • Results are cached for 24 hours to minimize API requests

4.3 IP Hash Explanation

To prevent spam (multiple counting on the same day), a hash of the IP address with a daily salt is created. This hash changes every day and cannot be traced back to the original IP. It is used exclusively for deduplication.

5. Google AdSense

Our website uses Google AdSense, a service of Google Ireland Limited, to display advertisements. Google AdSense uses cookies and web beacons to show ads that may be relevant to you.

The following data may be collected and transmitted to Google:

  • IP address
  • Visited websites
  • Browser information
  • Interactions with advertisements
As our service is aimed at children, only non-personalised advertisements are served. No interest-based profiling takes place; ads are flagged to Google as child-directed.

Legal Basis: Your consent (Art. 6 Para. 6 DSG; Art. 6 Para. 1 lit. a GDPR)
More Information: https://policies.google.com/technologies/ads

6. Data Transfer to Third Parties

We do not share your personal data with third parties unless necessary for the purposes stated in this privacy policy.

Google Ireland Limited / Google LLC: In the context of Google AdSense, data is transmitted to Google. Google processes this data as an independent controller according to Google's privacy policy.

ip-api.com: For location detection, the IP address is sent to ip-api.com. However, only the result (city/country) is stored, not the IP.

7. Data Transfer Abroad

When using Google AdSense, personal data may be transferred to the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework.

8. Consent

On your first visit to our website, you will be asked to give your consent to data processing.

You can revoke your consent at any time with effect for the future by deleting cookies in your browser.

9. Storage Duration

We store your personal data only as long as necessary to fulfill the purposes:

  • Account data: Until account deletion
  • Advertising statistics (city/country): Indefinite (anonymous data)
  • IP hash: Becomes invalid daily (new salt)

10. Your Rights

Under applicable data protection law, you have the following rights:

  • Right of access: You can request information about your personal data stored with us.
  • Right to rectification: You can request correction of inaccurate data.
  • Right to erasure: You can request deletion of your data under certain conditions.
  • Right to restriction: You can request restriction of processing of your data.
  • Right to object: You can object to the processing of your data.
  • Data portability: You can request that we transfer your data in a common format.
  • Right to withdraw: You can withdraw your consent at any time.

To exercise these rights, you can contact the responsible party mentioned above.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch
  • EU: The competent supervisory authority of your country of residence or stay.

12. Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, misuse or destruction. Our website uses SSL/TLS encryption, recognizable by "https://" in the browser bar.

13. Hosting

This website is hosted on servers in Switzerland. All data remains on Swiss server infrastructure and is subject to Swiss data protection law.

14. Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time. The current version is always published on our website.

15. Contact

If you have questions about data protection or wish to exercise your rights, you can contact us at the address above or by email.

This privacy policy was created in accordance with the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR).