
Privacy Policy

K-I-Soft IT&Holding GmbH  ·  Last updated: April 2026  ·  Applicable law: nDSG (Swiss FADP) & GDPR

This privacy policy explains how K-I-Soft IT&Holding GmbH collects, uses, and protects personal data in connection with the website www.k-i-soft.ch. It complies with the Swiss Federal Act on Data Protection (nDSG / FADP, effective 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR Art. 13).

1. Data Controller

K-I-Soft IT&Holding GmbH
Bernstrasse 27b
3122 Kehrsatz
Switzerland
E-mail: info@k-i-soft.ch
Phone: +41 77 955 55 73

2. Categories of Personal Data Processed

2.1 Website visit (server logs)

When you visit this website, the web server automatically records the following data:

  • IP address (anonymised after 24 hours)

  • Date and time of the request

  • URL requested

  • HTTP status code and data volume transferred

  • Referrer URL

  • Browser type and operating system (User-Agent string)

  • Purpose: Ensuring the technical availability and security of the website.

  • Legal basis (GDPR): Art. 6(1)(f), legitimate interest in operating a secure website.

  • Legal basis (nDSG): Processing is necessary for the legitimate purposes of the controller (Art. 31 nDSG).

  • Retention: Maximum 30 days; IP addresses anonymised after 24 hours.

2.2 Contact by e-mail

If you contact us by e-mail (info@k-i-soft.ch), we process:

  • Your e-mail address

  • Your name (if provided)

  • The content of your message

  • Timestamp of receipt

  • Purpose: Responding to your enquiry and maintaining the business relationship.

  • Legal basis (GDPR): Art. 6(1)(b), performance of pre-contractual measures; Art. 6(1)(f), legitimate interest in responding to enquiries.

  • Legal basis (nDSG): Contractual necessity or legitimate interest (Art. 31 nDSG).

  • Retention: E-mail correspondence is retained for up to 10 years to comply with Swiss commercial record-keeping obligations (OR Art. 958f); messages not leading to a contract are deleted after 2 years.

2.3 Hosting infrastructure (AWS)

The website is hosted on Amazon Web Services (AWS). The hosting contract is with Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg, which acts as a data processor (Art. 28 GDPR, Art. 9 nDSG).

  • Origin region: eu-central-2 (Zurich, Switzerland). The website’s S3 bucket, Lambda functions, and supporting AWS resources are located in this region. Server-side data, including the server logs described in section 2.1, is stored in Switzerland.

  • Edge delivery: Static content is served through Amazon CloudFront, a global content delivery network. Visitor requests are first served by the CloudFront edge location nearest to the visitor. Edge locations exist worldwide, including outside Switzerland and the EU/EEA.

  • What AWS processes: request metadata required to deliver web content (IP address, request URL, response headers, User-Agent, timestamps). This is the same data described in section 2.1.

  • Purpose: Technical delivery, scaling, and security of the website.

  • Legal basis (GDPR): Art. 6(1)(f), legitimate interest in operating a fast and reliable website.

  • Legal basis (nDSG): Processing is necessary for the legitimate purposes of the controller (Art. 31 nDSG).

  • Data processing agreement: The AWS GDPR Data Processing Addendum and the AWS Swiss Addendum apply.

  • International transfers: Where CloudFront serves a visitor from an edge location outside the EU/EEA, AWS relies on the EU Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR. AWS is certified under the EU-US Data Privacy Framework (DPF) for any US-based processing. For Switzerland-specific transfers, the SCC mechanism recognised by the FDPIC applies.

  • Retention: Server logs are retained for a maximum of 30 days; IP addresses are anonymised after 24 hours.

3. Google Tag Manager & Google Analytics

3.1 Google Tag Manager (GTM)

This website uses Google Tag Manager (GTM-55QQFLC4), a tag management service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). GTM itself does not set cookies and does not collect personal data independently. It only loads other tags (e.g. Google Analytics) after your consent has been obtained.

3.2 Google Analytics 4 (GA4)

Google Analytics 4 is only activated after you have explicitly accepted analytics cookies. Without your consent, no data is sent to Google.

When activated, Google Analytics collects:

  • Pages visited, time on site, referral source

  • Device type, browser, operating system

  • Anonymised IP address (IP masking enabled)

  • Aggregated user interaction events

  • Purpose: Understanding how visitors use the website in order to improve content and user experience.

  • Legal basis (GDPR): Art. 6(1)(a), your explicit consent.

  • Legal basis (nDSG): Your explicit consent (Art. 31(1) nDSG).

  • Retention: Analytics data is retained in Google Analytics for 14 months.

  • Data transfer to USA: Google Analytics transfers data to Google servers in the USA. This transfer is based on the EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and the EU-US Data Privacy Framework (adequacy decision of 10 July 2023). For Switzerland-specific transfers, the SCC mechanism (recognised by the FDPIC) applies.

You may withdraw your consent at any time by clicking the “Cookies” link in the page footer to reopen the cookie settings banner. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Additional opt-out options:

4. LinkedIn Insight Tag

The LinkedIn Insight Tag is only activated after you have explicitly accepted marketing cookies. Without your consent, no data is sent to LinkedIn.

This website uses the LinkedIn Insight Tag, a conversion-tracking and retargeting service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”), and LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, CA 94085, USA.

When activated, LinkedIn may collect:

  • URL, referrer URL, IP address (truncated)

  • Device and browser attributes

  • Timestamp of visit

  • LinkedIn member data if you are logged into LinkedIn (matched via hashed e-mail or LinkedIn cookie)

  • Purpose: Measuring the effectiveness of LinkedIn advertising campaigns; enabling LinkedIn retargeting audiences.

  • Legal basis (GDPR): Art. 6(1)(a), your explicit consent.

  • Legal basis (nDSG): Your explicit consent (Art. 31(1) nDSG).

  • Retention: LinkedIn retains Insight Tag data for up to 180 days.

  • Data transfer: Data may be transferred to LinkedIn servers in the USA under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

Opt-out: You can withdraw consent via the “Cookies” link in the footer. LinkedIn members can also opt out directly at LinkedIn Ad Settings.

5. Appointment Scheduling (cal.eu)

This website uses cal.eu for booking introductory calls. cal.eu is the EU-hosted instance of Cal.com, operated by Cal.com, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA. Data is stored exclusively on servers within the European Union.

When you book a call, cal.eu processes:

  • Your name and e-mail address

  • Your selected date and time

  • Your time zone

  • Your phone number (optional)

  • Any message you optionally include

  • Purpose: Scheduling and managing introductory calls between you and K-I-Soft.

  • Legal basis (GDPR): Art. 6(1)(b), processing necessary for pre-contractual measures taken at your request.

  • Legal basis (nDSG): Contractual necessity (Art. 31 nDSG).

  • Retention: Booking data is retained in accordance with Cal.com’s privacy policy.

  • Data storage: Data is stored within the EU. No transfer to the USA or other third countries.

6. Fonts

This website uses the fonts JetBrains Mono and Syne. The font files are served from the same hosting infrastructure as the rest of the website (see section 2.3); no connection is made to Google Fonts or any third-party font CDN. No personal data (including IP addresses) is transferred to Google or any other third party when loading these fonts.

7. Data Retention Summary

Data category | Retention period | Legal basis
Server logs / IP address | 30 days (IP anonymised after 24 h) | Legitimate interest (security)
E-mail correspondence (contract) | 10 years (OR Art. 958f) | Legal obligation / contract
E-mail correspondence (no contract) | 2 years | Legitimate interest
Google Analytics data | 14 months (Google servers) | Consent
LinkedIn Insight Tag data | 180 days (LinkedIn servers) | Consent
cal.eu booking data | As per Cal.com privacy policy | Pre-contractual / contractual
Cookie consent preference | Until browser storage cleared | Legitimate interest (functionality)

8. Your Rights as a Data Subject

Under the GDPR (Chapter III) and nDSG (Art. 25 ff.), you have the following rights:

  • Right of access (Art. 15 GDPR / Art. 25 nDSG): You may request information about the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR / Art. 32 nDSG): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR / Art. 32 nDSG): You may request deletion of your personal data, subject to statutory retention obligations.
  • Right to restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR): You may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3) GDPR / Art. 31(1) nDSG): Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect prior processing.

To exercise any of these rights, contact us at: info@k-i-soft.ch. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC / EDÖB)
Feldeggweg 1, 3003 Bern, Switzerland
Website: www.edoeb.admin.ch
E-mail: contact20@edoeb.admin.ch

If you are located in the EU/EEA, you may also contact the supervisory authority of your country of residence.

10. Third-Party Services Summary

Service | Provider | Purpose | Legal basis | Data transfer
Amazon Web Services (hosting) | AWS EMEA SARL, Luxembourg | Website hosting, CDN, edge delivery | Legitimate interest (technical operation) | Origin CH (eu-central-2), global edge (SCC + DPF)
Google Tag Manager | Google LLC, USA | Tag management | Legitimate interest (technical operation) | USA (SCC)
Google Analytics 4 | Google LLC, USA | Usage statistics | Consent | USA (SCC + DPF)
LinkedIn Insight Tag | LinkedIn Ireland / LinkedIn Corp., USA | Conversion tracking, retargeting | Consent | USA/EEA (SCC + DPF)
cal.eu | Cal.com, Inc. (EU-hosted) | Appointment scheduling | Pre-contractual / contractual | EU only
Fonts | Same hosting infrastructure (see AWS row) | Typography | n/a, no third-party font service | None additional

11. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or our data processing practices. The current version is always available at www.k-i-soft.ch/datenschutz. The “Last updated” date at the top of this page indicates when changes were last made.

12. Contact

For all data protection enquiries:
info@k-i-soft.ch  ·  +41 77 955 55 73