Privacy policy.
We process personal data exclusively in accordance with the fully revised Swiss Data Protection Act (DSG, in force since 1 September 2023) and the Data Protection Ordinance (DSV) and — for data subjects in the EU or EEA — in accordance with the General Data Protection Regulation (GDPR).
§ 1Controller
§ 2EU representative (Art. 27 GDPR)
Akceptum AG is domiciled in Switzerland. Where processing falls within the scope of the GDPR and a representative in the Union is required under Art. 27 GDPR, Akceptum AG appoints such a representative. Lub System Sp. z o.o. (Poland) serves as the point of contact and representation structure within the EU. Data subjects in the EU/EEA may contact us at any time via [email protected]; their requests will, where necessary, be forwarded to the representative.
§ 3Principles
We process personal data lawfully, in good faith, proportionately and transparently, and only for the purpose stated at collection, provided for by law or evident from the circumstances (Art. 6 DSG; Art. 5 GDPR). We take appropriate technical and organisational measures to ensure the security of personal data (Art. 8 DSG; Art. 32 GDPR).
§ 4Legal bases and duty to inform
We inform data subjects about the collection of personal data (Art. 19 DSG; Art. 13 and 14 GDPR). Depending on the processing, we rely on the following legal bases: your consent (Art. 6 para. 6 DSG; Art. 6(1)(a) GDPR), the performance or initiation of a contract (Art. 6(1)(b) GDPR), a legal obligation (Art. 6(1)(c) GDPR) or an overriding legitimate interest (Art. 31 DSG as a justification; Art. 6(1)(f) GDPR).
§ 5Server logs and hosting
This website is delivered via Cloudflare Pages. When the site is accessed, technical information is processed to maintain operation and defend against attacks — in particular the IP address (in shortened form), date and time of the request, the URL accessed, the volume of data transferred, the HTTP status, the referrer and the user agent. This data is generally deleted after 14 days. The service provider is Cloudflare, Inc. (USA), which is certified under both the Swiss-US Data Privacy Framework and the EU-US Data Privacy Framework. Transfers to the USA are based, for disclosures from Switzerland, on the Swiss-US Data Privacy Framework and, for data subjects in the EU, on the EU-US Data Privacy Framework, supplemented by Standard Contractual Clauses. Legal basis: legitimate interest in the secure operation of the website (Art. 31 DSG; Art. 6(1)(f) GDPR).
§ 6Contact form
If you send us a message via the contact form, the data you enter (name, email address, company where applicable, message) is transmitted to our service provider Formspree, Inc. (United States), temporarily stored there and delivered to our email address. The data is used exclusively to handle your enquiry.
As Formspree is based in the USA, data is transferred to a third country. Protection is ensured through Standard Contractual Clauses and — where the provider is certified accordingly — through the Swiss-US and EU-US Data Privacy Framework. Legal basis: your consent (Art. 6 para. 6 DSG; Art. 6(1)(a) GDPR) and the legitimate interest in responding to your enquiry.
§ 7Appointment booking
Appointments are booked via Cal.com. When the booking page is accessed, Cal.com processes your input (name, email, preferred date) and, where applicable, technical metadata. Cal.com's privacy policy applies additionally.
§ 8Fonts
This website uses fonts from Bunny Fonts (BunnyWay d.o.o., Slovenia) — a privacy-friendly, GDPR-compliant mirror of the Google Fonts directory. Bunny Fonts sets no cookies and, according to its own statements, does not permanently log IP addresses.
§ 9Audience measurement
Where audience measurement is activated, we use Cloudflare Web Analytics. This tool works without cookies, without fingerprinting and without transferring personal data to a separate analytics platform. Only aggregated page views, referrers and user agents are recorded.
§ 10Processing on our behalf
We use carefully selected processors (in particular for hosting, form delivery and appointment booking) and contractually oblige them to comply with data protection in accordance with Art. 9 DSG and Art. 28 GDPR.
§ 11Retention
We retain personal data only for as long as is necessary for the respective processing purposes or as required by statutory retention obligations (e.g. the ten-year retention obligation for business records under Art. 958f CO). Thereafter the data is deleted or anonymised.
§ 12Disclosure to third parties
We treat personal data confidentially and only disclose it where you have consented, where we are legally obliged or entitled to do so, or where it is necessary to perform a contract. We do not sell personal data. Transfers to states without an adequate level of data protection take place only with appropriate safeguards (Standard Contractual Clauses; Swiss-US and EU-US Data Privacy Framework).
§ 13Your rights
You have the right of access (Art. 25 DSG; Art. 15 GDPR), to rectification, erasure and restriction of processing, as well as to data release and portability (Art. 28 DSG; Art. 20 GDPR). You may object to processing (Art. 21 GDPR) and withdraw consent at any time with effect for the future. You may also lodge a complaint with the competent supervisory authority — in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC/EDÖB), and in the EU with the respective competent national supervisory authority.
§ 14Data protection contact
For data-protection matters, please write to [email protected] with the subject "Data protection".