Classyria · Solarizon Sagl · April 2026
Classyria — GDPR (EU 2016/679) + Swiss nFADP/LPD
Last updated: April 2026 — Version 2.0
Solarizon Sagl · Via Dei Faggi 6A, 6912 Pazzallo, Lugano, Switzerland — CHE-297.873.984
info@classyria.com · www.classyria.com
The Swiss Federal Act on Data Protection (nFADP/LPD) has been in force since 01.09.2023.
No formal Data Protection Officer (DPO) has been appointed, as it is not mandatory for the size and type of processing carried out. The Controller handles privacy requests directly.
We process the following personal data provided directly by the data subject via classyria.com, WhatsApp or email:
Identity data: first name, surname, nickname or pseudonym used for personal branding
Contact data: email address, WhatsApp number
Operational data: package type, style brief, visual preferences
Materials provided by the client: photos, videos, physical or stylistic descriptions needed for production
Payment data: processed exclusively by certified third-party providers (Stripe, PayPal, banks) — Classyria does not store card or IBAN data
Technical browsing data: IP addresses, essential cookies and, upon consent, analytics cookies
NOTE — Visual and potentially sensitive data: materials provided by the client (photos, videos, descriptions) may contain data relating to physical appearance, ethnicity or other personal characteristics. Such data is processed exclusively for the purpose of the requested service, with maximum confidentiality, and is not shared with third parties except as described in section 5.
We process your data for the following purposes, each with its own legal basis:
Handling requests and confirming bookings — Legal basis: pre-contractual measures / contract performance (Art. 6.1.b GDPR)
Service delivery, operational communications, file delivery — Legal basis: contract performance (Art. 6.1.b GDPR)
Invoicing and fiscal/legal compliance — Legal basis: legal obligation (Art. 6.1.c GDPR)
Dispute resolution, complaint handling, fraud prevention — Legal basis: legitimate interest (Art. 6.1.f GDPR). Specific legitimate interest: protecting the operational integrity of the service and enforcing the Provider's contractual rights
Anonymous internal service improvement — Legal basis: legitimate interest (Art. 6.1.f GDPR). Specific legitimate interest: optimising the quality of services offered
Anonymous or consented use of materials as portfolio — Legal basis: explicit consent (Art. 6.1.a GDPR), revocable at any time
Direct marketing, newsletters, promotions — Legal basis: explicit consent (Art. 6.1.a GDPR), always with immediate opt-out
Classyria uses artificial intelligence (AI) technologies for the creation of visual content requested by clients.
In accordance with the EU Artificial Intelligence Act (EU AI Act, applicable from September 2025) and evolving European data protection guidelines:
Client materials and data are used exclusively to fulfil the requested service
Client data is NOT used to train third-party AI models
Generated content is personalised and not shared with other users or third parties
The production process is supervised by human staff (internal quality control)
The client is informed of and accepts the use of AI technologies as an integral part of the service upon confirming their package.
Your data may be shared with the following categories of recipients, acting as data processors:
Payment providers: Stripe, PayPal (PCI-DSS and GDPR compliant)
Cloud delivery services: Google Drive (Google LLC — EU standard contractual clauses)
Communication platforms: WhatsApp/Meta (for operational communications)
Website hosting and analytics services: providers based in the EU or with adequate safeguards
Internal operational staff (production team): bound by NDA and confidentiality obligations
Some providers may operate outside Switzerland/EEA (e.g. USA). In such cases, we implement adequate safeguards: EU standard contractual clauses (SCC) or transfer to countries with an adequacy decision.
Your data is NOT sold or transferred to third parties for their own commercial purposes.
We retain your data only for as long as strictly necessary for the stated purposes:
Non-converted enquiries: maximum 12 months from the request date
Client operational data (brief, materials): up to 24 months from final delivery
Produced visual materials: deleted or anonymised within 12 months of delivery, unless explicit portfolio consent is given
Accounting and fiscal data: per Swiss legal requirements (up to 10 years)
Data for legal protection/disputes: for the duration of proceedings and until rights are time-barred
Upon expiry, data is deleted or irreversibly anonymised.
In accordance with GDPR (Arts. 15-22) and the Swiss nFADP/LPD, you have the right to:
Access: obtain confirmation of processing and a copy of your data (Art. 15 GDPR)
Rectification: correct inaccurate or incomplete data (Art. 16 GDPR)
Erasure ('right to be forgotten'): request deletion of data, subject to legal obligations (Art. 17 GDPR)
Restriction: request suspension of processing in certain cases (Art. 18 GDPR)
Portability: receive your data in a structured, machine-readable format (Art. 20 GDPR)
Objection: object to processing based on legitimate interest (Art. 21 GDPR)
Withdrawal of consent: withdraw consent at any time, without retroactive effect
Not be subject to automated decision-making: you may request human intervention on significant decisions
We implement appropriate technical and organisational measures to protect your data:
Data access restricted to strictly necessary personnel
Encrypted communication channels (HTTPS, end-to-end encryption where applicable)
NDA signed by all operational staff
Internal quality control procedures and secure file management
In the event of a personal data breach that poses a risk to your rights and freedoms, the Controller will:
Notify the competent supervisory authority within 72 hours of discovery (Art. 33 GDPR / Art. 24 nFADP)
Communicate the breach to affected individuals without undue delay, where the risk is high (Art. 34 GDPR)
Internally document the incident and the measures taken
No system is 100% secure. We mitigate risks proportionately to the nature and sensitivity of the data processed.
The classyria.com website uses the following types of cookies:
Essential technical cookies: necessary for the website to function; these do not require consent
Analytics cookies (e.g. Google Analytics): activated only upon explicit consent via banner
Third-party cookies (e.g. social pixels): activated only upon explicit consent
The cookie banner appears on first visit and does not load non-essential cookies before your choice. You may update your preferences at any time via the banner or your browser settings.
For detailed information on the cookies used, please consult our full Cookie Policy on classyria.com.
The Service is exclusively available to adults (18+ in all countries of operation).
We do not knowingly collect personal data from minors. Should we become aware of having collected data from a minor, we will proceed with immediate deletion.
This Privacy Policy may be updated periodically to reflect regulatory, operational or technological changes.
In the event of material changes, we will:
Publish the new version on classyria.com with a visible update date
Notify clients with an active order by email (where available)
Clearly indicate the document version (e.g. v2.0, v2.1)
Continued use of the Service after publication of changes constitutes acceptance of the updated version.
If you believe that the processing of your data violates applicable law, you may:
Lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) — Switzerland: www.edoeb.admin.ch
Lodge a complaint with the Italian Data Protection Authority (Garante) — Italy: www.garanteprivacy.it
Contact the supervisory authority in your country of residence (for clients in other EU/EEA countries)
For UK clients: Information Commissioner's Office (ICO) — www.ico.org.uk
For UAE/Dubai clients: UAE Data Office — www.uaedataoffice.gov.ae