Privacy Policy
This privacy policy explains how we process your personal data. It follows the EU General Data Protection Regulation (GDPR), the revised Swiss Data Protection Act (revDSG) and — for visitors from the USA — California's consumer privacy law (CCPA/CPRA).
1. Controller
The controller responsible for data processing on this website is:
Kern Operations LLC (operator of the “ShipHugo” brand)
Registered office (USA): 30 N Gould St, Ste N, Sheridan, WY 82801 · Registered Agent:
Correspondence address (mail/returns only, not a place of business): Mooswiesstrasse 66, 9200 Gossau SG
Contact: via our contact form
2. Representative in the EU and Switzerland
ShipHugo is operated by a company outside the EU and Switzerland. Where required under Art. 27 GDPR, we appoint a representative in the EU; until a formal appointment is made, you can reach us via our contact form, which we treat as a submission to the controller. A Swiss representative under Art. 14 f. revDSG is not required for our current processing; should this change, we will appoint one and update this policy.
3. What Data We Process
a) Contact and quote form. When you use the form at shiphugo.com/kontakt, we process the data you provide — in particular first and last name, company, email address, phone number, message as well as the optional details on shipping volume, product range and storage needs. Purpose: handling your enquiry and preparing an individual quote. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measure) as well as our legitimate interest in responding under point (f); for Switzerland, Art. 31 revDSG.
b) Server log files. When the website is accessed, technical access data is processed automatically (IP address in shortened/processed form, date and time, page accessed, browser type, referrer). Purpose: secure and stable operation, defence against attacks. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
c) Cookies and tracking. This website sets no analytics, marketing or tracking cookies and integrates no analytics services (e.g. Google Analytics). A cookie banner is therefore not required. The only exception is the spam protection on the contact page (see letter d).
d) Cloudflare Turnstile (spam protection). To protect the contact form against automated abuse (spam), we use “Cloudflare Turnstile” from Cloudflare, Inc. on the page /kontakt. Based on technical characteristics (incl. IP address and browser signals), Turnstile checks whether an entry comes from a human, and deliberately does without advertising tracking and persistent cookies. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functioning, spam-free form). Further information is available in Cloudflare's privacy policy (cloudflare.com/privacypolicy). The Cloudflare “Turnstile Privacy Addendum” additionally applies.
e) Fonts. The fonts used on this website are served locally from our own server (self-hosted). As a result, simply viewing the pages loads no font data from third-party servers (e.g. Google Fonts) and transmits no IP addresses to third parties.
f) Hosting. The website is hosted with Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, with data centres incl. in the EU). Cloudflare processes the access data named under letter b as a processor on our behalf. Legal basis: Art. 6(1)(f) GDPR.
4. Recipients and Processors
Your data is only passed to service providers who support us in providing the website and handling your enquiry (hosting and spam protection by Cloudflare). They are contractually bound to confidentiality and to processing on our instructions only. We do not sell your data.
5. Transfers to Third Countries (USA)
In the course of hosting and spam protection (Cloudflare Turnstile) by Cloudflare, data may be transferred to the USA. The transfer is based on the European Commission's Standard Contractual Clauses or on the EU-US Data Privacy Framework, where the respective provider is certified. For Switzerland, the corresponding safeguards under the revDSG apply.
6. Retention Period
We store enquiries submitted via the contact form for as long as is necessary to handle your request and any potential initiation of business, and delete them afterwards, provided no statutory retention obligations apply. Server log data is kept only briefly for security purposes.
7. Your Rights (EU/GDPR and Switzerland/revDSG)
You have the right to access the data we process about you, as well as the right to rectification, erasure, restriction of processing, data portability and objection to processing. You can withdraw any consent you have given at any time with effect for the future. To do so, contact us via our contact form. You also have the right to lodge a complaint with a supervisory authority — in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC), in the EU with the data protection authority of your country of residence.
8. Notice for Users from the USA (CCPA/CPRA)
If you are a California resident, you have the right to know which personal information we collect, to have it corrected or deleted, and to object to the disclosure or “sale” of it. We do not sell personal information and do not disclose it to third parties for payment (“Do Not Sell or Share”). The principle of non-discrimination applies when you exercise your rights. Please submit requests to us via the contact form.
9. Automated Decisions
No automated decision-making or profiling with legal effect takes place.
10. Data Security
The website is delivered exclusively encrypted via HTTPS/TLS. We take appropriate technical and organisational measures to protect your data.
11. Changes
We update this privacy policy when the legal situation or our processing changes. The version published on this page at any given time applies.
Last updated: 5 July 2026