Privacy statement

Version 2.3 – Updated: 01 June 2026

1. Controller

World of Whisky AG
Via Dimlej 6
7500 St. Moritz
Switzerland
E-mail: info@worldofwhisky.ch

2. General Information

We process personal data in accordance with the Swiss Federal Act on Data Protection (revDSG). We only process data that is necessary for operating our online shop, fulfilling orders, performing legally required age verification, processing payments, ensuring security, and conducting analytics and marketing activities.

3. Visiting Our Website

When you visit our website, the following data is automatically collected:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Pages viewed
  • Referrer URL

This data is required to operate the website, ensure stability and security, and detect technical issues. Server logs are typically deleted after 30 days.

Hosting is provided by Microsoft Azure (Switzerland region).

4. Customer Account and Orders

When you create an account or place an order, we process:

  • Name and surname
  • Billing and shipping address
  • E-mail address
  • Phone number (optional)
  • Order history
  • Payment and delivery status

Data is processed for contract fulfilment, delivery, communication, and compliance with legal retention obligations (typically 10 years).

5. Age Verification (Alcohol Sales)

Swiss law requires that alcoholic beverages may only be sold to persons aged 18 or older. We therefore perform an age verification process.

5.1 Client-side Verification (CH ID, CH Passport, EU Passport)

For Swiss identity cards, Swiss passports and EU passports, the verification is performed entirely on the customer’s device:

  • No ID data is transmitted to our server.
  • Only the result (“18+ yes/no”) is sent to us.
  • No ID data is stored by us.

5.2 Manual Verification (Other Documents)

For unsupported documents, a manual verification is performed:

  • The customer uploads an image of the ID.
  • The verification is carried out by authorised staff.
  • All ID data is deleted immediately after verification.
  • Only the verification result is stored.

5.3 Legal Basis

  • Legal obligation (alcohol sales regulations)
  • Contract fulfilment
  • Legitimate interest in fraud prevention

6. Payment Processing (Wallee)

Payments are processed via the payment service provider Wallee (Visa, Mastercard, TWINT, PostFinance, invoice).

We do not receive full credit card details. We only receive transaction status (e.g., “paid”, “declined”) and technical references.

7. Shipping

To deliver your order, we share the following data with shipping providers:

  • Name
  • Address
  • Phone number (if required for delivery)

8. Contact Form and E-mail

If you contact us, we process:

  • Name
  • E-mail address
  • Message content

Data is deleted once the request has been resolved, unless legal obligations require retention.

9. Cookies and Consent Management

We use cookies and similar technologies to:

  • operate the shop (cart, login, checkout)
  • analyse usage (Google Analytics 4)
  • run marketing campaigns (Google Ads)

A cookie banner allows you to choose which categories you accept. You may change your preferences at any time.

Google services are only activated after consent (“Statistics” or “Marketing”).

10. Google Analytics 4

We use Google Analytics 4 (“GA4”) to analyse website usage and improve our services.

GA4 may collect:

  • IP address (anonymised)
  • Usage data (pages viewed, clicks, time spent)
  • Device information
  • Approximate location (country/region)
  • Technical events (loading times, interactions)

GA4 is only activated with your consent (“Statistics”). Data may be transferred to the USA under Google’s Standard Contractual Clauses (SCC).

11. Google Ads (Conversion Tracking & Remarketing)

We use Google Ads to measure conversions and display personalised advertising.

Google Ads may process:

  • Information about ad interactions
  • Conversion events (e.g., purchases)
  • Pseudonymous advertising identifiers
  • Remarketing audience data

Google Ads is only activated with your consent (“Marketing”). Data may be transferred to the USA under SCC.

12. Data Transfers Abroad

Data may be transferred to countries without an adequate level of protection (e.g., the USA) when using Google services.

Such transfers rely on Standard Contractual Clauses (SCC) and additional safeguards.

13. Data Retention

  • Order and accounting data: 10 years
  • Server logs: 30 days
  • Support requests: until resolved
  • Marketing/analytics data: until consent is withdrawn
  • ID data (manual verification): deleted immediately after verification

14. Your Rights

You have the following rights under Swiss law:

  • Right of access
  • Right to rectification
  • Right to deletion
  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent
  • Right to object to processing

15. Data Security

We use appropriate technical and organisational measures to protect your data, including encryption (TLS), access controls and regular security reviews.

16. Changes to This Privacy Policy

We may update this Privacy Policy at any time. The current version is published on our website.

Product added to wishlist
Product added to compare.

This website uses cookies.

To learn about which cookies we use and how you can get rid of them, please refer to our Terms and Conditions and Privacy Policy.