Privacy Policy

1. Controller & contact

The controller for the processing of personal data under the revised Swiss Federal Act on Data Protection (revDSG) and Art. 4 No. 7 GDPR is:

MAEDN AG
Gotthardstrasse 26, 6300 Zug, Switzerland
Email: info@maedn.ch
UID: CHE-419.914.631

For privacy inquiries, exercising your rights or reporting incidents, please contact us at the above address or at info@maedn.ch.

2. Definitions & scope

"Personal data" means any information relating to an identified or identifiable natural person. "Processing" means any operation involving personal data, regardless of the means and procedures used. This policy applies to all processing activities of MAEDN AG, including the website, contact channels, customer and supplier relationships, IT and software projects, managed services and FinTech-related implementations.

3. Principles of data processing

We process personal data lawfully, in good faith and proportionately. Personal data are processed only for clear purposes communicated to the data subject and only to the extent necessary. We apply data minimization, accuracy, purpose limitation, storage limitation, integrity and confidentiality.

4. Categories of personal data

• Contact data (name, address, email, telephone, role)
• Communication content (emails, chat messages, meeting notes)
• Contract and order data, billing information
• Technical access data (IP address, browser, time, URLs)
• Project, configuration and operational data of customers
• In specific cases, test and support data from customer systems
• Application data (in case of job applications)

5. Purposes of processing

• Provision and operation of the website
• Communication and inquiry handling
• Initiation, conclusion and performance of contracts
• Customer, supplier and project management
• Operations, support, monitoring and security of IT systems
• Compliance with legal obligations
• Defense of and protection against legal claims

6. Legal bases (revDSG / GDPR)

Processing is based on consent (Art. 6(1)(a) GDPR; Art. 6(6) and (7) revDSG), contract performance (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR; Art. 31(1) revDSG) or our legitimate interest (Art. 6(1)(f) GDPR; Art. 31(1) revDSG), such as operating the website securely, maintaining customer relationships and protecting our IT infrastructure.

7. Visiting our website

When you visit our website, your browser automatically transmits technical data (IP address, browser, OS, date/time, requested URLs). This data is processed to provide and secure the website. It is stored separately from other data and deleted or anonymized as soon as no longer needed.

8. Contact form & email

If you contact us by email or via the contact form, we process the data you provide in order to handle your inquiry. Please do not send sensitive or confidential information via the form; for sensitive matters we agree on a suitable communication channel.

9. Hosting, CDN & server logs

The website is hosted by professional service providers in Switzerland and/or the EU/EEA. Server logs (IP address, request, time, status) are processed for security and stability. Logs are retained only as long as needed and protected with appropriate technical and organizational measures.

10. Cookies & similar technologies

We use cookies and similar technologies. Details on categories and purposes are described in our Cookie Policy. Non-necessary cookies are only loaded with your consent and can be revoked at any time.

11. Consent management & web analytics

We use a consent management mechanism that stores your consent choices locally. Statistical and marketing tools are only activated with your explicit consent. You can change or revoke your preferences at any time.

12. Embedded content & social plugins

Where we embed third-party content (e.g. fonts, videos, maps), the providers may receive your IP address and other technical data. We only embed such content where necessary and, where required, only after consent.

13. Newsletter & direct marketing

We do not currently send a regular newsletter. Should we do so in the future, this section will be updated and consent will be obtained where required.

14. Job applications

If you apply for a position, we process the application data you provide for the purpose of evaluating your application. After completion of the application process, the data is retained only as long as required for legal or evidentiary reasons.

15. Customer, supplier & contract data

For business relationships, we process contact, contract and billing data of customers, suppliers and their staff for purposes of initiation, performance and management of contracts as well as for accounting and audit purposes.

16. Project data in IT, software & FinTech projects

In IT, software and FinTech projects, we may incidentally come into contact with personal data of our customers (e.g. user accounts, log data, test data). We process such data exclusively to perform the project, on behalf of the customer, and based on a data processing agreement where applicable.

17. Test data, support data & log files

Test data and support data are processed only as needed for the specific task. We avoid using productive personal data for tests; where unavoidable, we apply anonymization, pseudonymization and tight access controls.

18. Data processing agreements (DPA)

Where MAEDN AG processes personal data on behalf of a customer (e.g. in managed services), we conclude a data processing agreement (DPA) with the customer in accordance with Art. 9 revDSG and/or Art. 28 GDPR.

19. Recipients & third parties

Personal data is disclosed only to the extent necessary, in particular to service providers (hosting, email, IT, billing), authorities (where legally required) or other recipients with the data subject's consent.

20. International data transfers

If personal data is transferred to countries outside Switzerland or the EU/EEA, we ensure an appropriate level of data protection (e.g. EU standard contractual clauses, adequacy decisions, supplementary measures).

21. Storage & retention periods

We store personal data only as long as necessary for the relevant purpose or as required by law (in particular Swiss accounting and bookkeeping requirements, generally 10 years). Afterwards, data is deleted or anonymized.

22. Data security & privacy-by-design

We apply technical and organizational measures to protect personal data: access controls, encryption (in transit, at rest where appropriate), logging, segregation, regular review of measures. Privacy-by-design and privacy-by-default are integrated into our project work.

23. Automated decisions & profiling

We do not use automated individual decision-making with legal or significant effects on you, including profiling, unless you have been informed separately and explicitly consented.

24. Your rights as a data subject

Under the revDSG and, where applicable, the GDPR, you have the right to information, rectification, deletion, restriction of processing, objection and data portability, as well as the right to withdraw consent at any time. To exercise these rights, please contact us at info@maedn.ch.

25. Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC). In the EU/EEA, the supervisory authority of your country of residence is competent.

26. Note on sensitive data

Please do not transmit sensitive personal data (e.g. health data) via the website or the contact form. For confidential or sensitive matters we agree on a suitable communication channel.

27. Changes to this policy

We may update this privacy policy if our processing activities change or for legal reasons. The current version is available on this page. Substantial changes will be communicated where appropriate.