Wireframe
Capabilities Solution Management Hub Operational Hub Personal Hub q_Pilot Studio Insights About us FAQ Contact

Legal

Privacy Policy

Last update: 24. February 2025

Preamble

The company informs users about personal data processing types, purposes, and scope. This policy covers all personal data handling by q_alizer across websites, mobile applications, and social media presences.

Controller

Q alizer AG
Dominique Schuwey
Ruessenstrasse 6
6340 Baar

Authorised Representatives: Fabio Oro, Beat Seeliger
Email: info@q-alizer.com

Overview of Processing Operations

Categories of Processed Data

  • Inventory data
  • Payment data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta/communication data

Categories of Data Subjects

  • Customers
  • Employees
  • Prospective customers
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing

  • Provision of contractual services and customer support
  • Contact requests and communication
  • Office and organisational procedures
  • Managing and responding to inquiries
  • Provision of online services and usability

Legal Bases for Processing

Under GDPR, processing relies on these foundations:

  • Consent (Article 6(1)(a)) – Data subjects authorize processing for specified purposes
  • Contract Performance (Article 6(1)(b)) – Processing necessary for contract fulfillment or pre-contractual steps
  • Legal Obligation (Article 6(1)(c)) – Processing required for compliance with legal duties
  • Legitimate Interests (Article 6(1)(f)) – Processing necessary for legitimate pursuits unless data subject rights take precedence

Swiss data protection law (Federal Data Protection Act/DSG) applies additionally when processing Swiss citizen data.

Security Precautions

The organization implements technical and organizational safeguards aligned with legal requirements and technological standards. These include:

  • Controlling physical and electronic access
  • Securing confidentiality, integrity, and availability
  • Establishing procedures respecting data subject rights
  • Applying privacy-by-design and privacy-by-default principles
  • Rapid threat response capabilities

Transmission of Personal Data

Data may be transferred to service providers, IT contractors, and content providers. Recipients are bound through contracts ensuring data protection compliance.

Data Processing in Third Countries

Processing outside the EU/EEA occurs only with:

  • Express consent, or
  • Contractual/legal requirements, or
  • Recognized data protection standards, or
  • EU Commission standard protection clauses (Article 44–49 GDPR)

Data Erasure

Data deletion follows statutory requirements once processing purposes conclude. Where retention is legally mandated (tax archiving, legal claims), processing becomes restricted to those specific purposes. Retention periods generally extend 4 years post-warranty, or 10 years for tax documentation.

Use of Cookies

Consent Requirements

Cookies require prior user consent except when strictly necessary for requested services. Users receive clear notification and revocation options.

Legal Basis

  • With consent: Declared user agreement (Article 6(1)(a) GDPR)
  • Without consent: Legitimate business interests or contractual necessity (Article 6(1)(f) GDPR)

Retention Periods

Temporary (Session) Cookies: Deleted upon browser closure

Permanent Cookies: Stored up to two years unless explicitly specified otherwise

User Objection Options

Business Services

Contractual and business partner data (customers, prospects) undergoes processing within contractual relationships and communications for the following purposes:

  • Contractual obligation fulfillment
  • Service provision and updates
  • Warranty and remediation
  • Rights protection and administrative operations
  • Misuse prevention and security

Third-party sharing occurs only for stated purposes or legal compliance. Recipients include telecommunications providers, banks, tax advisors, and payment processors.

Processed Data Types: Names, addresses, bank details, invoices, payment history, emails, telephone numbers, contract terms

Legal Basis: Contract performance (Article 6(1)(b)); Legal compliance (Article 6(1)(c)); Legitimate interests (Article 6(1)(f) GDPR)

Provision of Online Services and Web Hosting

The organization uses web hosting providers managing servers for secure, efficient service delivery. Infrastructure includes computing capacity, storage, database services, and security maintenance.

Access Data and Log Files

Server log files capture web page and file names accessed, access dates and times, data volumes transferred, browser and operating system types, referrer URLs, and IP addresses.

Retention: Maximum 30 days before deletion or anonymization, except evidence-related data retained until incident resolution.

Contact and Inquiry Management

User contact information undergoes processing to respond to inquiries. Processing serves contractual fulfillment or pre-contractual requests, and otherwise operates under legitimate interest in maintaining relationships.

Processed Data Types: Names, addresses, emails, phone numbers, submitted content

Legal Basis: Contract performance (Article 6(1)(b)); Legitimate interests (Article 6(1)(f) GDPR)

Cloud Services

The organization employs internet-accessible software (SaaS) for document storage, calendar management, email delivery, spreadsheets, presentations, content exchange, website hosting, and video conferencing. Personal data including master records, contact information, process data, contracts, and metadata undergo processing and storage on provider servers.

Legal Basis: User consent (Article 6(1)(a)); Contract performance (Article 6(1)(b)); Legitimate interests (Article 6(1)(f) GDPR)

Plugins and Embedded Functions and Content

Functional elements and content (graphics, videos, maps) obtained from third-party servers require IP address processing for delivery. Third parties may employ pixel tags for statistical or marketing evaluation.

Google Fonts

The organization integrates Google Fonts for uniform browser presentation, operating under legitimate interest in secure, maintenance-free font usage.

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: policies.google.com/privacy

Changes and Updates

The organization reviews and updates this policy as processing practices evolve. Users receive notification when changes require cooperation or individual attention.

Rights of Data Subjects

Under GDPR (Articles 15–21), data subjects possess:

  • Right to Object – Refuse processing based on Article 6(1)(e)–(f) or direct marketing purposes
  • Right to Withdraw Consent – Revoke authorizations anytime
  • Right of Access – Request confirmation and copies of processed data
  • Right to Rectification – Correct or complete inaccurate data
  • Right to Erasure/Restriction – Demand immediate deletion or processing limitations per statutory provisions
  • Right to Data Portability – Receive personal data in structured, machine-readable format
  • Right to Lodge Complaint – File grievances with supervisory authorities

Terminology and Definitions

Controller

The natural or legal person determining processing purposes and means, acting alone or jointly.

Personal Data

Any information identifying or potentially identifying a natural person, including names, identification numbers, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing

Comprehensive data handling including collection, evaluation, storage, transmission, or deletion.