Privacy policy

Last updated: November 24, 2025

Kösme operates this store and website, including all related information, content, features, tools, products and services, to provide you, the customer, with a curated shopping experience (the "Services"). Kōsme is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot be identified or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

Contact details, including your name, address, billing address, shipping address, phone number, and email address.
Financial information, including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
Account information, including your username, password, security questions, preferences and settings.
Transaction information, including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
Communications with us, including the information you include in communications with us, for example, when sending a customer support inquiry.
Device information, including information about your device, browser, or network connection, your IP address, and other unique identifiers.
Usage information, including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

Personal Information Sources

We may collect personal information from the following sources:

Directly from you, including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
Automatically through the Services, including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
From our service providers, including when we engage them to enable certain technology, and when they collect or process your personal information on our behalf;
From our partners or other third parties.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

Provide, tailor, and improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfil your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customised shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

With Shopify and vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping). Shopify provides the platform and hosting for our store, and we share customer, order and technical data with Shopify as required to run the store and provide checkout and related features. Shopify may process certain data for its own purposes as described in Shopify’s privacy documentation.
With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalised advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites.
When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
With our affiliates or otherwise within our corporate group.
In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over the use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information at here Shopify Privacy Portal Link.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Use of Google Services

We use Google services in connection with the Services, including but not limited to Google Ads, Google Analytics, Google Tag Manager, Google reCAPTCHA and related advertising, analytics and measurement products (“Google Services”).

Data collected. Google Services may collect information, including device and browser data, cookies and other identifiers, IP address, page and interaction events, referral and campaign data, conversion and transaction data, and advertising identifiers.
Roles and responsibilities. We are the data controller for the personal data we collect directly from you in connection with the Services. Google may act as an independent controller in respect of data it collects and uses for its own purposes (for example, personalised advertising and Google’s measurement products). In other cases, Google processes data on our behalf as a processor under Google’s Data Processing Terms. Where Google acts on our behalf, processing is governed by applicable contracts and safeguards.
Purposes. Data collected via Google Services may be used to: provide, operate, and secure the Services; perform analytics and site measurement; provide and measure advertising and remarketing; attribute conversions and evaluate campaign performance; and detect and prevent fraud and abuse.
Consent and implementation (EEA / Switzerland / UK). For visitors in Switzerland, the European Economic Area and the United Kingdom, we obtain required consent before setting non-essential cookies or similar tracking technologies used for advertising, analytics or tracking. Non-essential Google scripts and tags (including Ads, Analytics and remarketing tags) are blocked by default until a visitor gives explicit consent via our cookie banner or consent management tool. Consent is recorded (who, what, when) and may be withdrawn via the cookie settings or by contacting us. Where implemented, Google Consent Mode is used to respect visitor choices while allowing limited measurement consistent with consent.
Retention and IP handling. Google retains data it collects in accordance with its own policies. Where configurable, we apply the shortest retention settings available and enable IP anonymisation/pseudonymisation options provided by Google Analytics. For exact retention periods and handling details, see Google’s product documentation and privacy policy.
International transfers and safeguards. Google may process and store data in countries outside Switzerland or the EEA/UK. Such transfers rely on Google’s transfer mechanisms and contractual safeguards (for example, standard contractual clauses) and Google’s privacy and security measures. You can find additional information in Google’s privacy documentation.
Google’s independent use and your choices. Google may combine data collected through our Services with data from other Google services and use it for its own purposes. You may control or opt out of personalised advertising by using Google’s Ad Settings, by adjusting browser cookie settings, or by using opt-out tools provided by Google and third parties. You may also exercise data rights with Google directly via Google’s privacy controls.
Sharing and legal basis. Where we enable Google to collect data on our behalf or share data with Google, such sharing is done under contractual safeguards and in accordance with this Privacy Policy. Processing necessary to perform the contract with you (such as to process orders and payments) is carried out on that legal basis; processing for advertising and analytics relies on consent where required.
Further information. For details on Google’s processing, retention and privacy controls, consult Google’s Privacy Policy and the relevant Google product documentation.

Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

We conduct regular reviews of the information we hold. If retention is no longer justified by legal or business requirements, or if you exercise your right to modify or delete your data, we will securely erase the information. The retention period depends on the nature of your relationship with Kösme, whether as an active customer, inactive customer, or prospect.

Prospects: Personal data collected for marketing or prospecting purposes is retained for a maximum of 3 years from the date of collection.
Active Customers: Data necessary for the management of your account and services is retained for the duration of the contractual relationship.
Inactive Customers: Data related to contract execution, such as account details, orders, and invoicing, is retained for 10 years after the end of the contract. All other data, such as identification and contact details, is retained for up to 3 years from the date of your last interaction with us.

After these periods, the data will be anonymised and retained exclusively for statistical purposes, without being used for commercial activities.

Browsing data collected via cookies that you have authorised is retained for a limited time, not exceeding 13 months, unless otherwise specified in the Cookie Settings panel.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

Right to Access / Know. You may have a right to request access to personal information that we hold about you.
Right to Delete. You may have a right to request that we delete personal information we maintain about you.
Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

If you reside in the UK or European Economic Area, and subject to exceptions and limitations provided by local law, you may exercise the following rights in addition to the rights outlined above:

Objection to Processing and Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information for certain purposes.
Withdrawal of Consent: Where we rely on consent to process your personal information, you have the right to withdraw this consent. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent before its withdrawal.

You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorised them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

Cookies and Similar Technologies

We use cookies and comparable technologies to run the website and provide the Services, secure transactions, remember preferences, measure site performance and, where authorised, provide analytics and advertising measurement. Because we serve visitors in multiple jurisdictions, we implement technical and consent controls to align with applicable law.

We group tracking technologies by functional purpose (for example: operation, preferences, analytics, advertising).
Our cookie banner and consent management interface present recommended default selections when the menu appears; customers can decline any of those selections. Defaults may be pre-enabled in the banner and can be turned off by the user. Where a jurisdiction requires prior affirmative opt-in for specific processing, we will not rely on a pre-selection to establish consent and will enable that processing only after a valid affirmative action has been taken. Consent choices are recorded (who, what, when) to demonstrate compliance.
Non-authorised scripts and tags that perform non-essential tracking are prevented from loading until the visitor's consent status permits them. When a visitor enables a category, the associated scripts/tags/cookies are activated; when consent is withdrawn, Kösme stops placing new cookies for that category and takes reasonable steps to remove related client-side identifiers.
The authoritative, up-to-date list of cookies and similar technologies that may be set when you use the Site (including provider, purpose and typical retention) is published in the Cookie Settings panel accessible from the footer and from the cookie banner. This panel is kept current with the live site configuration and installed apps.
Cookies explained (for convenience in Cookie Settings): “Cookies are small text files stored on your device that help us personalise your experience, track site usage, and analyse traffic. Session Cookies: temporary and deleted when you close your browser. Persistent Cookies: remain on your device until they expire or are manually deleted. We use cookies for core functionality, analytics and marketing. For details on the cookies we use as part of our Shopify-powered store, see Shopify’s Cookie Policy.”
Third parties (including Shopify, Google, Meta, payment providers and app vendors) may set cookies or otherwise collect information through our Site; these parties may process data under their own terms and may act as independent controllers. Where data is transferred outside the EU/EEA/UK/CH we rely on appropriate safeguards such as Standard Contractual Clauses and contractual protections with our providers. Links to relevant third-party privacy and cookie pages (including Shopify) are available in the Cookie Settings panel.
Do Not Track (DNT): DNT browser signals are not a legally effective substitute for the consent and preference mechanisms required under ePrivacy and the GDPR; Kösme does not act on DNT signals. To control tracking use the Cookie Settings panel, browser controls, advertising platform opt-outs (e.g., Google Ads Settings) and privacy tools. Withdrawing consent prevents future placement of the relevant cookies and blocks related scripts; it does not guarantee deletion of data already transferred to third parties before withdrawal — to remove previously shared data you may contact the third party and Kösme will assist where we acted as controller.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at hello@kosmeshop.ch or contact us at Schifflände 26, c/o Enterprise Treuhand Partners GmbH, Zürich, 8001, CH For the purpose of applicable data protection laws, we are the data controller of your personal information.

Ishizawa Labs - Keana Rice Pack

Hada Labo - Gokujyun Premium Lotion

Quality 1st - Derma Laser Super VC 100 Mask

LION Pair - Acne Cream W

Clear Turn - Skin Conditioning Face Mask

Melano CC - Brightening Essence

Anessa - Perfect UV Sunscreen Skincare Milk N SPF50+ PA++++

Biodance - Bio-Collagen Real Deep Mask